852 research outputs found
Secure Vehicular Communication Systems: Implementation, Performance, and Research Challenges
Vehicular Communication (VC) systems are on the verge of practical
deployment. Nonetheless, their security and privacy protection is one of the
problems that have been addressed only recently. In order to show the
feasibility of secure VC, certain implementations are required. In [1] we
discuss the design of a VC security system that has emerged as a result of the
European SeVeCom project. In this second paper, we discuss various issues
related to the implementation and deployment aspects of secure VC systems.
Moreover, we provide an outlook on open security research issues that will
arise as VC systems develop from today's simple prototypes to full-fledged
systems.
Towards Practical Security of Pseudonymous Signature on the BSI eIDAS Token
In this paper we present an extension of Pseudonymous Signature introduced by the German Federal BSI authority as a part of technical recommendations for electronic identity documents.
Without switching to pairing friendly groups we enhance the scheme so that:
(a) the issuer does not know the private keys of the citizen (so it cannot impersonate the citizen),
(b) a powerful adversary that breaks any number of ID cards created by the Issuer cannot forge new cards that could be proven as fake ones,
(c) deanonymization of the pseudonyms used by a citizen is a multi-party protocol, where the consent of each authority is necessary to reveal the identity of a user,
(d) we propose extended features concerning fully anonymous signatures and a pragmatic revocation approach.
(e) we present an argument for unlinkability (cross-domain anonymity) of the presented schemes.
In this way we make a step forward towards overcoming the substantial weaknesses of the Pseudonymous Signature scheme. Moreover, the extension is on top of the original scheme with a relatively small number of changes, following the strategy of reusing the previous schemes -- thereby reducing the costs of potential technology update.
Introducing Accountability to Anonymity Networks
Many anonymous communication (AC) networks rely on routing traffic through
proxy nodes to obfuscate the originator of the traffic. Without an
accountability mechanism, exit proxy nodes risk sanctions by law enforcement if
users commit illegal actions through the AC network. We present BackRef, a
generic mechanism for AC networks that provides practical repudiation for the
proxy nodes by tracing back the selected outbound traffic to the predecessor
node (but not in the forward direction) through a cryptographically verifiable
chain. It also provides an option for full (or partial) traceability back to
the entry node or even to the corresponding user when all intermediate nodes
are cooperating. Moreover, to maintain a good balance between anonymity and
accountability, the protocol incorporates whitelist directories at exit proxy
nodes. BackRef offers improved deployability over the related work, and
introduces a novel concept of pseudonymous signatures that may be of
independent interest.
We exemplify the utility of BackRef by integrating it into the onion routing
(OR) protocol, and examine its deployability by considering several
system-level aspects. We also present the security definitions for the BackRef
system (namely, anonymity, backward traceability, no forward traceability, and
no false accusation) and conduct a formal security analysis of the OR protocol
with BackRef using ProVerif, an automated cryptographic protocol verifier,
establishing the aforementioned security properties against a strong
adversarial model.
We the undersigned: anonymous dissent and the struggle for personal identity in online petitions
Anonymous signatures pose a significant threat to the legitimacy of the online petition as a persuasive form of political communication. While anonymous signatures address some privacy concerns for online petitioners, they often fail to identify petitioners as numerically distinct and socially relevant persons. Since anonymous signatures often fail to personally identify online petitioners, they often fail to provide sufficient reason for targeted political authorities to review and respond to their grievances. To recover the personal rhetoric of the online petition in a way that strikes a balance between the publicity and privacy concerns of petitioners, we should reformat online petitions as pseudonymous social networks of personal testimony between petitioners and targeted political authorities. To this end, the pseudonymous signatures of online petitions should incorporate social frames, co-authored complaints and demands, multimedia voice, and revisable support.
M.S.
Committee Chair: DiSalvo, Carl; Committee Member: Bogost, Ian; Committee Member: Klein, Hans; Committee Member: Murray, Janet; Committee Member: Pearce, Celi
The Cryptographic Security of the German Electronic Identity Card
In November 2010, the German government started to issue the new electronic identity card (eID) to its citizens. Besides its original utilization as a 'visual' identification document, the eID card can be used by the cardholder to prove one's identity at border control and to enhance security of authentication processes over the Internet, with the eID card serving as a token to reliably transmit personal data to service providers or terminals, respectively. To this end, the German Federal Office for Information Security (BSI) proposed several cryptographic protocols now deployed on the eID card.
The Password Authenticated Connection Establishment (PACE) protocol secures the wireless communication between the eID card and the user's local card reader, based on a cryptographically weak password like the PIN chosen by the card owner. Subsequently, the Extended Access Control (EAC) protocol is executed by the chip and the service provider to mutually authenticate and agree on a shared secret session key. This key is then used in the secure channel protocol, called Secure Messaging (SM). Finally, an optional protocol, called Restricted Identification (RI), provides a method to use pseudonyms such that they can be linked by individual service providers, but not across different service providers (not even by malicious ones).
This thesis consists of two parts. First, we present the above protocols and provide a rigorous analysis on their security from a cryptographic point of view. We show that the German eID card provides reasonable security for authentication and exchange of sensitive information, allaying concerns regarding its usage.
In the second part of this thesis, we introduce two possible modifications to enhance the security of these protocols even further. Namely, we show how to (a) add to PACE an additional efficient chip authentication step, and (b) augment RI to allow also for signatures under pseudonyms.
Political organisation, leadership and communication in authoritarian settings: Digital activism in Belarus and Russia
Citizens of authoritarian regimes face multiple constraints when they express critical political views using digital media. The regime may monitor their activities, censor their speech or persecute them. Despite these challenges, politically-active citizens organise outside of traditional hierarchical arrangements to advocate for pro-democracy changes.
I analyse how the affordances of digital media help activists to organise, to select and to protect their leaders, as well as to distribute information. I use interviews, content analysis and participant observation to study two recent cases of successful political campaigning on digital media. Unusually, both cases managed to challenge the state elites in authoritarian countries, Belarus and Russia respectively.
I found that the two studied organisations relied on ad hoc, segmented and shadowed organisational configurations that deployed vast digital communication infrastructures to disseminate information. Journalists, the authorities and the public often misperceived these configurations as either over-centralised or not organised at all. This misperception, as well as the management of leadership visibility on social media, allowed activist groups to protect some of their leaders from persecution.
The findings contribute to the discussion regarding the nature of political organising in the digital age by refining and problematising social movement theories for digital authoritarian contents. The study also contributes to the discussion of the strategies that authoritarian regimes use to respond to and combat online opposition. These findings challenge the idea that authoritarian regimes have neared full co-optation of the internet. Instead, the internet should be considered as a battlefield for political influence.