RHyTHM: A Randomized Hybrid Scheme To Hide in the Mobile Crowd

Any on-demand pseudonym acquisition strategy is problematic should the connectivity to the credential management infrastructure be intermittent. If a vehicle runs out of pseudonyms with no connectivity to refill its pseudonym pool, one solution is the on-the-fly generation of pseudonyms, e.g., leveraging anonymous authentication. However, such a vehicle would stand out in the crowd: one can simply distinguish pseudonyms, thus signed messages, based on the pseudonym issuer signature, link them and track the vehicle. To address this challenge, we propose a randomized hybrid scheme, RHyTHM, to enable vehicles to remain operational when disconnected without compromising privacy: vehicles with valid pseudonyms help others to enhance their privacy by randomly joining them in using on-the-fly self-certified pseudonyms along with aligned lifetimes. This way, the privacy of disconnected users is enhanced with a reasonable computational overhead.Comment: 4 pages, 4 figures, IEEE Vehicular Networking Conference (VNC), November 27-29, 2017, Torino, Ital

Security Analysis of Digital Signature Scheme with Message Recovery using Self-Certified Public Keys

Tseng and his colleagues have proposed two variants of authenticated encryption scheme using self-certified public keys. Their schemes have two fundamental properties. Only the intended receiver can recover the message while verifying the signature, and each user can use his own private key independently without system authority learning about it. This paper presents man-in-the-middle attacks to both Tseng and his colleagues authenticated encryption variants. It will be shown that these schemes are not secure against this attack

Remote attestation mechanism for embedded devices based on physical unclonable functions

Remote attestation mechanisms are well studied in the high-end computing environments; however, the same is not true for embedded devices-especially for smart cards. With ever changing landscape of smart card technology and advancements towards a true multi-application platform, verifying the current state of the smart card is significant to the overall security of such proposals. The initiatives proposed by GlobalPlatform Consumer Centric Model (GP-CCM) and User Centric Smart Card Ownership Model (UCOM) enables a user to download any application as she desire-depending upon the authorisation of the application provider. Before an application provider issues an application to a smart card, verifying the current state of the smart card is crucial to the security of the respective application. In this paper, we analyse the rationale behind the remote attestation mechanism for smart cards, and the fundamental features that such a mechanism should possess. We also study the applicability of Physical Unclonable Functions (PUFs) for the remote attestation mechanism and propose two algorithms to achieve the stated features of remote attestation. The proposed algorithms are implemented in a test environment to evaluate their performance. © 2013 The authors and IOS Press. All rights reserved