Evaluating On-demand Pseudonym Acquisition Policies in Vehicular Communication Systems

Standardization and harmonization efforts have reached a consensus towards using a special-purpose Vehicular Public-Key Infrastructure (VPKI) in upcoming Vehicular Communication (VC) systems. However, there are still several technical challenges with no conclusive answers; one such an important yet open challenge is the acquisition of shortterm credentials, pseudonym: how should each vehicle interact with the VPKI, e.g., how frequently and for how long? Should each vehicle itself determine the pseudonym lifetime? Answering these questions is far from trivial. Each choice can affect both the user privacy and the system performance and possibly, as a result, its security. In this paper, we make a novel systematic effort to address this multifaceted question. We craft three generally applicable policies and experimentally evaluate the VPKI system performance, leveraging two large-scale mobility datasets. We consider the most promising, in terms of efficiency, pseudonym acquisition policies; we find that within this class of policies, the most promising policy in terms of privacy protection can be supported with moderate overhead. Moreover, in all cases, this work is the first to provide tangible evidence that the state-of-the-art VPKI can serve sizable areas or domain with modest computing resources.Comment: 6 pages, 7 figures, IoV-VoI'1

SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems

Several years of academic and industrial research efforts have converged to a common understanding on fundamental security building blocks for the upcoming Vehicular Communication (VC) systems. There is a growing consensus towards deploying a special-purpose identity and credential management infrastructure, i.e., a Vehicular Public-Key Infrastructure (VPKI), enabling pseudonymous authentication, with standardization efforts towards that direction. In spite of the progress made by standardization bodies (IEEE 1609.2 and ETSI) and harmonization efforts (Car2Car Communication Consortium (C2C-CC)), significant questions remain unanswered towards deploying a VPKI. Deep understanding of the VPKI, a central building block of secure and privacy-preserving VC systems, is still lacking. This paper contributes to the closing of this gap. We present SECMACE, a VPKI system, which is compatible with the IEEE 1609.2 and ETSI standards specifications. We provide a detailed description of our state-of-the-art VPKI that improves upon existing proposals in terms of security and privacy protection, and efficiency. SECMACE facilitates multi-domain operations in the VC systems and enhances user privacy, notably preventing linking pseudonyms based on timing information and offering increased protection even against honest-but-curious VPKI entities. We propose multiple policies for the vehicle-VPKI interactions, based on which and two large-scale mobility trace datasets, we evaluate the full-blown implementation of SECMACE. With very little attention on the VPKI performance thus far, our results reveal that modest computing resources can support a large area of vehicles with very low delays and the most promising policy in terms of privacy protection can be supported with moderate overhead.Comment: 14 pages, 9 figures, 10 tables, IEEE Transactions on Intelligent Transportation System

Trust Management For A Decentralized Service Exposure Marketplace: A Service Exposure Perspective

Enabling trust between entities to collaborate, without the necessity of a third-party mediator is a challenging problem. This problem is highlighted when the collaboration involves a complicated process, spans multiple systems, and encompasses a large number of entities. This is the case in a decentralized service exposure marketplace. In this work, we design and implement a \ac{PoC} suite of services to enable a blockchain to become the anchor of trust for a decentralized service exposure marketplace. We first formalize the necessary requirements to enable trust between a consortium of entities hosting the marketplace. We then follow with a threat model against the identified requirement, highlighting misbehaviour from the different entities. Finally, we propose a model, Trust Engine, which facilitates the trust management process and mitigates the identified threats. We showcase a proof-of-concept of our model, utilizing a combination of smart contracts (hyperledger fabric), blockchain, and service mesh technology (Istio). The Trust Engine successfully identifies the misbehaviour, documents it in the blockchain, and enforces polices to remediate the misbehaviour. Furthermore, we examined each component in our suggested system to identify the performance bottleneck. Lastly, we discuss the limitations of our suggested model with regards to other service mesh deployment models as well as potential future work and improvements