15 research outputs found

    Formal Analysis of V2X Revocation Protocols

    Get PDF
    Research on vehicular networking (V2X) security has produced a range of security mechanisms and protocols tailored for this domain, addressing both security and privacy. Typically, the security analysis of these proposals has largely been informal. However, formal analysis can be used to expose flaws and ultimately provide a higher level of assurance in the protocols. This paper focusses on the formal analysis of a particular element of security mechanisms for V2X found in many proposals: the revocation of malicious or misbehaving vehicles from the V2X system by invalidating their credentials. This revocation needs to be performed in an unlinkable way for vehicle privacy even in the context of vehicles regularly changing their pseudonyms. The REWIRE scheme by Forster et al. and its subschemes BASIC and RTOKEN aim to solve this challenge by means of cryptographic solutions and trusted hardware. Formal analysis using the TAMARIN prover identifies two flaws with some of the functional correctness and authentication properties in these schemes. We then propose Obscure Token (OTOKEN), an extension of REWIRE to enable revocation in a privacy preserving manner. Our approach addresses the functional and authentication properties by introducing an additional key-pair, which offers a stronger and verifiable guarantee of successful revocation of vehicles without resolving the long-term identity. Moreover OTOKEN is the first V2X revocation protocol to be co-designed with a formal model.Comment: 16 pages, 4 figure

    VANET SECURITY FRAMEWORK FOR LOW LATENCY SAFETY APPLICATIONS

    Get PDF
    Vehicular Ad hoc Network (VANET) is a communication network for vehicles on the road. The concept of VANET is to create communication between vehicles, such as one vehicle is able to inform another vehicle about the road conditions. Communication is possible by vehicle to vehicle (V2V) and vehicle to road side unit (V2R). Presently, VANET technology is surrounded with security challenges and it is essentially important for VANET to successfully implement a security measure according to the safety applications requirements. Many researchers have proposed a number of solutions to counter security attacks and also to improve certain aspects of security i.e. authentication, privacy, and non-repudiation. The current most suitable security scheme for VANET is an Elliptic Curve Digital Signature Algorithm (ECDSA) asymmetric security mechanism. ECDSA is small in key size but it provides the same level of security as the large key sized scheme. However ECDSA is associated with high computational cost, thus lacking applicability in life-critical safety messaging. Due to that reason, alternative security schemes have been proposed, such as symmetric methods which provide faster communication, but at the expense of reduced security. Hence, hybrid and hardware based solutions have been proposed by researchers to mitigate the issue. However, these solutions still do not satisfy the existing safety applications standard or have larger message size due to increased message drop ratio. In this thesis, a security framework is presented; one that uses both standard asymmetric PKI and symmetric cryptography for faster and secured safety message exchange. The proposed framework is expected to improve the security mechanism in VANET by developing trust relationship among the neighboring nodes, hence forming trusted groups. The trust is established via Trusted Platform Module (TPM) and group communication. In this study, the proposed framework methods are simulated using two propagation models, i.e. two ray ground model and Nakagami model for VANET environment (802.11p). In this simulation, two traffic scenarios such as highway and urban are established. The outcome of both simulation scenarios is analyzed to identify the performance of the proposed methods in terms of latency (End-to-End Delay and Processing Delay). Also, the proposed V2V protocol for a framework is validated using a software in order to establish trust among vehicles

    Location Privacy in VANETs: Improved Chaff-Based CMIX and Privacy-Preserving End-to-End Communication

    Get PDF
    VANETs communication systems are technologies and defined policies that can be formed to enable ITS applications to provide road traffic efficacy, warning about such issues as environmental dangers, journey circumstances, and in the provision of infotainment that considerably enhance transportation safety and quality. The entities in VANETs, generally vehicles, form part of a massive network known as the Internet of Vehicles (IoV). The deployment of large-scale VANETs systems is impossible without ensuring that such systems are themselves are safe and secure, protecting the privacy of their users. There is a risk that cars might be hacked, or their sensors become defective, causing inaccurate information to be sent across the network. Consequently, the activities and credentials of participating vehicles should be held responsible and quickly broadcast throughout a vast VANETs, considering the accountability in the system. The openness of wireless communication means that an observer can eavesdrop on vehicular communication and gain access or otherwise deduce users' sensitive information, and perhaps profile vehicles based on numerous factors such as tracing their travels and the identification of their home/work locations. In order to protect the system from malicious or compromised entities, as well as to preserve user privacy, the goal is to achieve communication security, i.e., keep users' identities hidden from both the outside world and the security infrastructure and service providers. Being held accountable while still maintaining one's privacy is a difficult balancing act. This thesis explores novel solution paths to the above challenges by investigating the impact of low-density messaging to improve the security of vehicle communications and accomplish unlinkability in VANETs. This is achieved by proposing an improved chaff-based CMIX protocol that uses fake messages to increase density to mitigate tracking in this scenario. Recently, Christian \etall \cite{vaas2018nowhere} proposed a Chaff-based CMIX scheme that sends fake messages under the presumption low-density conditions to enhance vehicle privacy and confuse attackers. To accomplish full unlinkability, we first show the following security and privacy vulnerabilities in the Christian \etall scheme: linkability attacks outside the CMIX may occur due to deterministic data-sharing during the authentication phase (e.g., duplicate certificates for each communication). Adversaries may inject fake certificates, which breaks Cuckoo Filters' (CFs) updates authenticity, and the injection may be deniable. CMIX symmetric key leakage outside the coverage may occur. We propose a VPKI-based protocol to mitigate these issues. First, we use a modified version of Wang \etall's \cite{wang2019practical} scheme to provide mutual authentication without revealing the real identity. To this end, a vehicle's messages are signed with a different pseudo-identity “certificate”. Furthermore, the density is increased via the sending of fake messages during low traffic periods to provide unlinkability outside the mix-zone. Second, unlike Christian \etall's scheme, we use the Adaptive Cuckoo Filter (ACF) instead of CF to overcome the effects of false positives on the whole filter. Moreover, to prevent any alteration of the ACFs, only RUSs distribute the updates, and they sign the new fingerprints. Third, mutual authentication prevents any leakage from the mix zones' symmetric keys by generating a fresh one for each communication through a Diffie–Hellman key exchange. As a second main contribution of this thesis, we focus on the V2V communication without the interference of a Trusted Third Party (TTP)s in case this has been corrupted, destroyed, or is out of range. This thesis presents a new and efficient end-to-end anonymous key exchange protocol based on Yang \etall's \cite{yang2015self} self-blindable signatures. In our protocol, vehicles first privately blind their own private certificates for each communication outside the mix-zone and then compute an anonymous shared key based on zero-knowledge proof of knowledge (PoK). The efficiency comes from the fact that once the signatures are verified, the ephemeral values in the PoK are also used to compute a shared key through an authenticated Diffie-Hellman key exchange protocol. Therefore, the protocol does not require any further external information to generate a shared key. Our protocol also does not require interfacing with the Roadside Units or Certificate Authorities, and hence can be securely run outside the mixed-zones. We demonstrate the security of our protocol in ideal/real simulation paradigms. Hence, our protocol achieves secure authentication, forward unlinkability, and accountability. Furthermore, the performance analysis shows that our protocol is more efficient in terms of computational and communications overheads compared to existing schemes.Kuwait Cultural Offic

    A Communications-Oriented Perspective on Traffic Management Systems for Smart Cities: Challenges and Innovative Approaches

    Get PDF
    The growing size of cities and increasing population mobility have determined a rapid increase in the number of vehicles on the roads, which has resulted in many challenges for road traffic management authorities in relation to traffic congestion, accidents, and air pollution. Over the recent years, researchers from both industry and academia have been focusing their efforts on exploiting the advances in sensing, communication, and dynamic adaptive technologies to make the existing road traffic management systems (TMSs) more efficient to cope with the aforementioned issues in future smart cities. However, these efforts are still insufficient to build a reliable and secure TMS that can handle the foreseeable rise of population and vehicles in smart cities. In this survey, we present an up-to-date review of the different technologies used in the different phases involved in a TMS and discuss the potential use of smart cars and social media to enable fast and more accurate traffic congestion detection and mitigation. We also provide a thorough study of the security threats that may jeopardize the efficiency of the TMS and endanger drivers' lives. Furthermore, the most significant and recent European and worldwide projects dealing with traffic congestion issues are briefly discussed to highlight their contribution to the advancement of smart transportation. Finally, we discuss some open challenges and present our own vision to develop robust TMSs for future smart cities

    Cyberphysical Constructs and Concepts for Fully Automated Networked Vehicles

    Get PDF
    Human lives are at stake in networked systems of automated vehicles. Drawing from mature domains where life/safety critical cyberphysical systems have already been deployed as well as from various scientific disciplines, we introduce the SPEC (Safety, Privacy, Efficiency, Cybersecurity) problem which arises in self-organizing and self-healing networks of fully automated terrestrial vehicles, and CMX functionalities intended for vehicular onboard systems. CM stands for Coordinated Mobility, X stands for S, P, E and C. The CMX framework encompasses cyberphysical constructs (cells, cohorts) endowed with proven properties, onboard proactive security modules, unfalsifiable cyberphysical levels, protocols and distributed algorithms for timed-bounded inter-vehicular communications, reliable message dissemination, trusted explicit agreements/coordination, and privacy preserving options that insulate passengers from illegitimate internal cyber-surveillance and external eavesdropping and tracking. We establish inter alia that safety and privacy can be obtained jointly, by design. The focus of this report is on SE properties. Notably, we show how to achieve theoretical absolute safety (0 fatalities and 0 severe injuries in rear-end collisions and pileups) and highest efficiency (smallest safe inter-vehicular gaps) jointly, by design, in spontaneous cohorts of vehicles. Results conveyed in this report shall open new opportunities for innovative research and development of high societal impact.Les vies humaines sont en jeu dans les réseaux de véhicules automatisés, à l’instar de domaines matures où des systèmes critiques en matière de sécurité-innocuité ont déjà été déployés. Les connaissances acquises dans ces domaines ainsi que dans diverses disciplines scientifiques permettent de définir le problème SPEC (Safety, Privacy, Efficiency, Cybersecurity) qui se pose dans les réseaux auto-organisés et auto-réparateurs de véhicules terrestres à conduite entièrement automatisée. On introduit CMX, un ensemble de fonctionnalités destinées aux systèmes bord. CM est l’abréviation de Coordinated Mobility, et X signifie S, P, E et C. L’ensemble CMX repose sur des constructions cyberphysiques (cellules, cohortes) dotées de propriétés prouvées, les concepts de module de sécurité proactif et de niveaux cyberphysiques infalsifiables, des protocoles et des algorithmes distribués pour communications inter-véhiculaires en temps borné, dissémination fiable de messages, coordination et accords explicites dignes de confiance, ainsi que sur des options de protection de la vie privée qui permettent aux passagers d’interdire la cyber-surveillance illégitime interne et externe (écoutes radio et pistage des trajets). On établit qu’il est possible de garantir conjointement sécurité-innocuité (safety) et respect de la vie privée (privacy), par conception. Ce rapport est consacré aux propriétés SE. En particulier, on montre comment obtenir la sécurité-innocuité absolue théorique (taux nul de mortalité et de graves blessures en cas de collisions longitudinales) et maximiser l’efficacité (espaces inter-véhiculaires minimaux) conjointement, par conception, dans les cohortes spontanées de véhicules. Les résultats contenus dans ce rapport devraient ouvrir de nouvelles perspectives de recherche et développement à fort impact sociétal

    Rate-Adaptation Based Congestion Control for Vehicle Safety Communications

    Get PDF
    This thesis deals with the scalability of Vehicle Safety Communications (VSC), where vehicles exchange periodic status messages to support future driver assistance applications. We systematically develop a design methodology for congestion control in VSC and present a resulting protocol named PULSAR. While previous works typically focused on controlling channel load only, we thereby integrate a concept which allows the adaptation to operate within the limits defined by safety applications

    Security Verification of Secure MANET Routing Protocols

    Get PDF
    Secure mobile ad hoc network (MANET) routing protocols are not tested thoroughly against their security properties. Previous research focuses on verifying secure, reactive, accumulation-based routing protocols. An improved methodology and framework for secure MANET routing protocol verification is proposed which includes table-based and proactive protocols. The model checker, SPIN, is selected as the core of the secure MANET verification framework. Security is defined by both accuracy and availability: a protocol forms accurate routes and these routes are always accurate. The framework enables exhaustive verification of protocols and results in a counter-example if the protocol is deemed insecure. The framework is applied to models of the Optimized Link-State Routing (OLSR) and Secure OLSR protocol against five attack vectors. These vectors are based on known attacks against each protocol. Vulnerabilities consistent with published findings are automatically revealed. No unknown attacks were found; however, future attack vectors may lead to new attacks. The new framework for verifying secure MANET protocols extends verification capabilities to table-based and proactive protocols

    RFID Technology in Intelligent Tracking Systems in Construction Waste Logistics Using Optimisation Techniques

    Get PDF
    Construction waste disposal is an urgent issue for protecting our environment. This paper proposes a waste management system and illustrates the work process using plasterboard waste as an example, which creates a hazardous gas when land filled with household waste, and for which the recycling rate is less than 10% in the UK. The proposed system integrates RFID technology, Rule-Based Reasoning, Ant Colony optimization and knowledge technology for auditing and tracking plasterboard waste, guiding the operation staff, arranging vehicles, schedule planning, and also provides evidence to verify its disposal. It h relies on RFID equipment for collecting logistical data and uses digital imaging equipment to give further evidence; the reasoning core in the third layer is responsible for generating schedules and route plans and guidance, and the last layer delivers the result to inform users. The paper firstly introduces the current plasterboard disposal situation and addresses the logistical problem that is now the main barrier to a higher recycling rate, followed by discussion of the proposed system in terms of both system level structure and process structure. And finally, an example scenario will be given to illustrate the system’s utilization

    Formal model of certificate omission schemes in VANET

    Get PDF
    The benefits of certificate omission schemes in VANET have been so far proven by simulation. However, the research community is lacking of a formal model that would allow implementers and policy makers to select the optimal parameters for such schemes. In this paper, we lay the foundations of the formal model for certificate omission schemes in VANET. We apply the model to ’No Omission’ and ’Periodic Omission’, which validates the previous simulation and formulates the optimal parameters for these schemes
    corecore