Formal Analysis of V2X Revocation Protocols

Research on vehicular networking (V2X) security has produced a range of security mechanisms and protocols tailored for this domain, addressing both security and privacy. Typically, the security analysis of these proposals has largely been informal. However, formal analysis can be used to expose flaws and ultimately provide a higher level of assurance in the protocols. This paper focusses on the formal analysis of a particular element of security mechanisms for V2X found in many proposals: the revocation of malicious or misbehaving vehicles from the V2X system by invalidating their credentials. This revocation needs to be performed in an unlinkable way for vehicle privacy even in the context of vehicles regularly changing their pseudonyms. The REWIRE scheme by Forster et al. and its subschemes BASIC and RTOKEN aim to solve this challenge by means of cryptographic solutions and trusted hardware. Formal analysis using the TAMARIN prover identifies two flaws with some of the functional correctness and authentication properties in these schemes. We then propose Obscure Token (OTOKEN), an extension of REWIRE to enable revocation in a privacy preserving manner. Our approach addresses the functional and authentication properties by introducing an additional key-pair, which offers a stronger and verifiable guarantee of successful revocation of vehicles without resolving the long-term identity. Moreover OTOKEN is the first V2X revocation protocol to be co-designed with a formal model.Comment: 16 pages, 4 figure

SPATA: Strong Pseudonym based AuthenTicAtion in Intelligent Transport System

Intelligent Transport System (ITS) is generally deployed to improve road safety, comfort, security, and traffic efficiency. A robust mechanism of authentication and secure communication is required to protect privacy and conditional resolution of pseudonyms to revoke malicious vehicles. In a typical ITS framework, a station can be a vehicle, Road Side Unit (RSU), or a server that can participate in communication. During authentication, the real identity of an Intelligent Transport System-Station (ITSS), referred to as a vehiclečň should not be revealed in order to preserve its privacy. In this paper, we propose a Strong Pseudonym based AutenTicAtion (SPATA) framework for preserving the real identity of vehicles. The distributed architecture of SPATA allows vehicles to generate pseudonyms in a very private and secure way. In the absence of a distributed architecture, the privacy cannot be preserved by storing information regarding vehicles in a single location. Therefore, the concept of linkability of certificates based on single authority is eliminated. This is done by keeping the real identity to pseudonym mappings distributed. Furthermore, the size of the Certificate Revocation List (CRL) is kept small, as only the most recent revoked communication pseudonyms are kept in the CRL. The privacy of the vehicle is preserved during the revocation and resolution phase through the distributed mechanism. Empirical results show that SPATA is a lightweight framework with low computational overhead, average latency, overhead ratio, and stable delivery ratio, in both sparse and dense network scenarios

Formal Analysis of V2X Revocation Protocols.

Research on vehicular networking (V2X) security has produced a range of security mechanisms and protocols tailored for this domain, addressing both security and privacy. Typically, the security analysis of these proposals has largely been informal. However, formal analysis can be used to expose flaws and ultimately provide a higher level of assurance in the protocols. This paper focusses on the formal analysis of a particular element of security mechanisms for V2X found in many proposals, that is the revocation of malicious or misbehaving vehicles from the V2X system by invalidating their credentials. This revocation needs to be performed in an unlinkable way for vehicle privacy even in the context of vehicles regularly changing their pseudonyms. The Rewire scheme by Förster et al. and its subschemes Plain and R-token aim to solve this challenge by means of cryptographic solutions and trusted hardware. Formal analysis using the Tamarin prover identifies two flaws: one previously reported in the literature concerned with functional correctness of the protocol, and one previously unknown flaw concerning an authentication property of the R-token scheme. In response to these flaws we propose Obscure Token (O-token), an extension of Rewire to enable revocation in a privacy preserving manner. Our approach addresses the functional and authentication properties by introducing an additional key-pair, which offers a stronger and verifiable guarantee of successful revocation of vehicles without resolving the long-term identity. Moreover O-token is the first V2X revocation protocol to be co-designed with a formal model