Remote software upload techniques in future vehicles and their performance analysis

Updating software in vehicle Electronic Control Units (ECUs) will become a mandatory requirement for a variety of reasons, for examples, to update/fix functionality of an existing system, add new functionality, remove software bugs and to cope up with ITS infrastructure. Software modules of advanced vehicles can be updated using Remote Software Upload (RSU) technique. The RSU employs infrastructure-based wireless communication technique where the software supplier sends the software to the targeted vehicle via a roadside Base Station (BS). However, security is critically important in RSU to avoid any disasters due to malfunctions of the vehicle or to protect the proprietary algorithms from hackers, competitors or people with malicious intent. In this thesis, a mechanism of secure software upload in advanced vehicles is presented which employs mutual authentication of the software provider and the vehicle using a pre-shared authentication key before sending the software. The software packets are sent encrypted with a secret key along with the Message Digest (MD). In order to increase the security level, it is proposed the vehicle to receive more than one copy of the software along with the MD in each copy. The vehicle will install the new software only when it receives more than one identical copies of the software. In order to validate the proposition, analytical expressions of average number of packet transmissions for successful software update is determined. Different cases are investigated depending on the vehicle\u27s buffer size and verification methods. The analytical and simulation results show that it is sufficient to send two copies of the software to the vehicle to thwart any security attack while uploading the software. The above mentioned unicast method for RSU is suitable when software needs to be uploaded to a single vehicle. Since multicasting is the most efficient method of group communication, updating software in an ECU of a large number of vehicles could benefit from it. However, like the unicast RSU, the security requirements of multicast communication, i.e., authenticity, confidentiality and integrity of the software transmitted and access control of the group members is challenging. In this thesis, an infrastructure-based mobile multicasting for RSU in vehicle ECUs is proposed where an ECU receives the software from a remote software distribution center using the road side BSs as gateways. The Vehicular Software Distribution Network (VSDN) is divided into small regions administered by a Regional Group Manager (RGM). Two multicast Group Key Management (GKM) techniques are proposed based on the degree of trust on the BSs named Fully-trusted (FT) and Semi-trusted (ST) systems. Analytical models are developed to find the multicast session establishment latency and handover latency for these two protocols. The average latency to perform mutual authentication of the software vendor and a vehicle, and to send the multicast session key by the software provider during multicast session initialization, and the handoff latency during multicast session is calculated. Analytical and simulation results show that the link establishment latency per vehicle of our proposed schemes is in the range of few seconds and the ST system requires few ms higher time than the FT system. The handoff latency is also in the range of few seconds and in some cases ST system requires less handoff time than the FT system. Thus, it is possible to build an efficient GKM protocol without putting too much trust on the BSs

A System for Distributed Mechanisms: Design, Implementation and Applications

We describe here a structured system for distributed mechanism design appropriate for both Intranet and Internet applications. In our approach the players dynamically form a network in which they know neither their neighbours nor the size of the network and interact to jointly take decisions. The only assumption concerning the underlying communication layer is that for each pair of processes there is a path of neighbours connecting them. This allows us to deal with arbitrary network topologies. We also discuss the implementation of this system which consists of a sequence of layers. The lower layers deal with the operations that implement the basic primitives of distributed computing, namely low level communication and distributed termination, while the upper layers use these primitives to implement high level communication among players, including broadcasting and multicasting, and distributed decision making. This yields a highly flexible distributed system whose specific applications are realized as instances of its top layer. This design is implemented in Java. The system supports at various levels fault-tolerance and includes a provision for distributed policing the purpose of which is to exclude `dishonest' players. Also, it can be used for repeated creation of dynamically formed networks of players interested in a joint decision making implemented by means of a tax-based mechanism. We illustrate its flexibility by discussing a number of implemented examples.Comment: 36 pages; revised and expanded versio

From OPIMA to MPEG IPMP-X: A standard's history across R&D projects

This paper describes the work performed by a number of companies and universities who have been working as a consortium under the umbrella of the European Union Framework Programme 5 (FP5), Information Society Technologies (IST) research program, in order to provide a set of Digital Rights Management (DRM) technologies and architectures, aiming at helping to reduce the copyright circumvention risks, that have been threatening the music and film industries in their transition from the “analogue” to “digital” age. The paper starts by addressing some of the earlier standardization efforts in the DRM arena, namely, Open Platform Initiative for Multimedia Access (OPIMA). One of the described FP5 IST projects, Open Components for Controlled Access to Multimedia Material (OCCAMM), has developed the OPIMA vision. The paper addresses also the Motion Pictures Expert Group—MPEG DRM work, starting from the MPEG Intellectual Propriety Management and Protection—IPMP “Hooks”, towards the MPEG IPMP Extensions, which has originated the first DRM-related standard (MPEG-4 Part 13, called IPMP Extensions or IPMP-X) ever released by ISO up to the present days.2 The paper clarifies how the FP5 IST project MPEG Open Security for Embedded Systems (MOSES), has extended the OPIMA interfaces and architecture to achieve compliance with the MPEG IPMP-X standard, and how it has contributed to the achievement of “consensus” and to the specification, implementation (Reference Software) and validation (Conformance Testing) of the MPEG IPMP-X standard.info:eu-repo/semantics/acceptedVersio

End-to-end security in active networks

Active network solutions have been proposed to many of the problems caused by the increasing heterogeneity of the Internet. These ystems allow nodes within the network to process data passing through in several ways. Allowing code from various sources to run on routers introduces numerous security concerns that have been addressed by research into safe languages, restricted execution environments, and other related areas. But little attention has been paid to an even more critical question: the effect on end-to-end security of active flow manipulation. This thesis first examines the threat model implicit in active networks. It develops a framework of security protocols in use at various layers of the networking stack, and their utility to multimedia transport and flow processing, and asks if it is reasonable to give active routers access to the plaintext of these flows. After considering the various security problem introduced, such as vulnerability to attacks on intermediaries or coercion, it concludes not. We then ask if active network systems can be built that maintain end-to-end security without seriously degrading the functionality they provide. We describe the design and analysis of three such protocols: a distributed packet filtering system that can be used to adjust multimedia bandwidth requirements and defend against denial-of-service attacks; an efficient composition of link and transport-layer reliability mechanisms that increases the performance of TCP over lossy wireless links; and a distributed watermarking servicethat can efficiently deliver media flows marked with the identity of their recipients. In all three cases, similar functionality is provided to designs that do not maintain end-to-end security. Finally, we reconsider traditional end-to-end arguments in both networking and security, and show that they have continuing importance for Internet design. Our watermarking work adds the concept of splitting trust throughout a network to that model; we suggest further applications of this idea

Electronic Commerce: A Half-Empty Glass?

This article introduces an electronic commerce paradox by observing that while electronic commerce grows rapidly it is, at the same time, based on unsettled foundations. It describes how 22 constraints for global electronic commerce were identified, and analyzes them in depth. The constraints fall into four themes: 1. Building trust for users and consumers 2. Establishing ground rules for the digital marketplace 3. Enhancing information infrastructure 4. Maximizing benefits. Each of these themes contains a number of critical issues. The first theme--building trust for users and consumers--involves privacy protection, security, consumer protection, authentication and confidentiality, and access blocking. The second theme includes legal framework, acceptance of electronic transactions, taxation, tariffs, intellectual property protection, commercial policy, and payment systems. Enhancing information infrastructure covers the needed infrastructure enhancements and includes Internet infrastructure and governance, interconnectivity and technical convergence, technical standards, bandwidth and accessibility, and the question of how to further the competition. The last theme is about maximizing the benefits of electronic commerce and includes the understanding of digital economy, its measurement, seamless globalization, and involvement of small businesses. At the time that this paper was written (February 2000) none of these 22 issues had been resolved. Yet, they need to be worked out if electronic commerce is to be successful in both the developed and the underdeveloped world

A trading model and security regime for mobile e-commerce via ad hoc wireless networking

Ad hoc wireless networking offers mobile computer users the prospect of trading with others in their vicinity anywhere anytime. This thesis explores the potential for developing such trading applications. A notable difficulty in designing their security services is being unable to use trusted parties. No one can be guaranteed present in each ad hoc wireless network session. A side benefit is that their costs don't have to be paid for. A reference model is defined for ad hoc m-commerce and a threat model is for- mulated of its security vulnerabilities. They are used to elicit security objectives and requirements for such trading systems. Possible countermeasures to address the threats are critically analysed and used to design security services to mitigate them. They include a self-organised P2P identity support scheme using PGP cer- tificates; a distributed reputation system backed by sanctions; a group membership service based on membership vouchers, quorate decisions by some group members and partial membership lists; and a security warning scheme. Security analysis of the schemes shows that they can mitigate the threats to an adequate degree to meet the trading system's security objectives and requirements if users take due care when trading within it. Formal verification of the system shows that it satisfies certain safety properties

Key management issues in wireless sensor networks : current proposals and future developments

Author name used in this publication: Henry C. B. Chan2007-2008 > Academic research: refereed > Publication in refereed journalVersion of RecordPublishe

Fault tolerant Medical Network (MEDNET)

This investigation describes the development of a new fault tolerant Medical Network (MEDNET) model based on the existing Public Switch Telephone Network (PSTN), Integrated Services Digital Network (ISDN) and Intemetworking (Internet). This research includes the original design, development and testing of the required hardware and software interfaces to provide a complete Medical Network model. MEDNET ties the Doctor, the Patient, the Hospital, the Medical Lab, and the Pharmacy for near real time and fault tolerant exchange of medical information. The MEDNET model includes the following modules: 1 Central Database Server, 2. Remote Client Access, and 3. Communication Interface. This work proves that medical images and data can be exchanged between healthcare providers which are not geographically adjacent, in a cost effective, timely, and secure manne

Communication Architecture For Distributed Interactive Simulation (CADIS): Military Standard (draft)

Report establishes the requirements for the communication architecture to be used in a distributed interactive simulation, including the standards and the recommended practices for implementing the communication architecture and the rationales behind them