78 research outputs found
qSCMS: Post-quantum certificate provisioning process for V2X
Security and privacy are paramount in the field of intelligent transportation systems (ITS). This motivates many proposals aiming to create a Vehicular Public Key Infrastructure (VPKI) for managing vehicles’ certificates. Among them, the Security Credential Management System (SCMS) is one of the leading contenders for standardization in the US. SCMS provides a wide array of security features, which include (but are not limited to) data authentication, vehicle privacy and revocation of misbehaving vehicles. In addition, the key provisioning process in SCMS is realized via the so-called butterfly key expansion, which issues arbitrarily large batches of pseudonym certificates in response to a single client request. Although promising, this process is based on classical elliptic curve cryptography (ECC), which is known to be susceptible to quantum attacks. Aiming to address this issue, in this work we propose a post-quantum butterfly key expansion process. The proposed protocol relies on lattice-based cryptography, which leads to competitive key, ciphertext and signature sizes. Moreover, it provides low bandwidth utilization when compared with other lattice-based schemes, and, like the original SCMS, addresses the security and functionality requirements of vehicular communication
The Unified Butterfly Effect: Efficient Security Credential Management System for Vehicular Communications
Security and privacy are important requirements for the broad deployment of intelligent transportation systems (ITS). This motivated the development of many proposals aimed at creating a Vehicular Public Key Infrastructure (VPKI) for addressing such needs. Among them, schemes based on pseudonym certificates are considered particularly prominent: they provide data authentication in a privacy-preserving manner while allowing vehicles to be revoked in case of misbehavior. Indeed, this is the approach followed by the Security Credential Management System (SCMS), one of the leading candidate designs for protecting vehicular communications in the United States. Despite SCMS's appealing design, in this article we show that it still can be further improved. Namely, one of the main benefits of SCMS is its so-called butterfly key expansion process, which allows batches of pseudonym certificates to be issued for authorized vehicles by means of a single request. Whereas this procedure requires the vehicle to provide two separate public/private key pairs for registration authorities, we present a modified protocol that uses a single key for the same purpose. As a result, the processing and bandwidth costs of the certificate provisioning protocol drop as far as 50%. Such performance gains come with no negative impact in terms of security, flexibility or scalability when compared to the original SCMS
Faster verification of V2X BSM messages via Message Chaining
Vehicular-to-Everything (V2X) communications enable vehicles to exchange messages with other entities, including nearby vehicles and pedestrians. V2X is, thus, essential for establishing an Intelligent Transportation System (ITS), where vehicles use information from their surroundings to reduce traffic congestion and improve safety. To avoid abuse, V2X messages should be digitally signed using valid digital certificates. Messages sent by unauthorized entities can then be discarded, while misbehavior can lead to the revocation of the corresponding certificates. One challenge in this scenario is that messages must be verified shortly after arrival (e.g., within centiseconds), whereas vehicles may receive thousands of them per second. To handle this issue, some solutions propose prioritization or delayed-verification mechanisms, while others involve signature schemes that support batch verification. In this manuscript, we discuss two mechanisms that complement such proposals, enabling the authentication of a sequence of messages from the same source with one single signature verification. Our analysis shows that the technique can reduce the number of verified signatures by around 90% for reliable communication channels, and by more than 65% for a maximum packet loss rate of 20%
ACPC: Efficient revocation of pseudonym certificates using activation codes
Vehicular communication (V2X) technologies allow vehicles to exchange information about the road conditions and their own status, and thereby enhance transportation safety and efficiency. For broader deployment, however, such technologies are expected to address security and privacy concerns, preventing abuse by users and by the system's entities. In particular, the system is expected to enable the revocation of malicious vehicles, e.g., in case they send invalid information to their peers or to the roadside infrastructure; it should also prevent the system from being misused for tracking honest vehicles. Both features are enabled by Vehicular Public Key Infrastructure (VPKI) solutions such as Security Credential Management Systems (SCMS), one of the leading candidates for protecting V2X communication in the United States. Unfortunately, though, SCMS's original revocation mechanism can lead to large Certification Revocation Lists (CRLs), which in turn impacts the bandwidth usage and processing overhead of the system. In this article, we propose a novel design called Activation Codes for Pseudonym Certificates (ACPC), which can be integrated into SCMS to address this issue. Our proposal is based on activation codes, short bitstrings without which certificates previously issued to a vehicle cannot be used by the latter, which are periodically distributed to non-revoked vehicles using an efficient broadcast mechanism. As a result, the identifiers of the corresponding certificates do not need to remain on the CRL for a long time, reducing the CRLs' size and streamlining their distribution and verification of any vehicle's revocation status.
Besides describing ACPC in detail, we also compare it to similar-purpose solutions such as Issue First Activate Later (IFAL) and Binary Hash Tree based Certificate Access Management (BCAM). This analysis shows that our proposal not only brings security improvements (e.g., in terms of resilience against colluding system authorities), but also leads to processing and bandwidth overheads that are orders of magnitude smaller than those observed in the state of the art
A privacy-preserving method for temporarily linking/revoking pseudonym certificates in vehicular networks
Vehicular communication (V2X) technologies are expected to become increasingly common in the future. Although they enable improvements on transportation safety and efficiency, the large scale deployment of V2X requires addressing some challenges. In particular, to prevent abuse by drivers and by the system itself, V2X architectures must:
(1) ensure the authenticity of messages, which is usually accomplished by means of digital certification; and
(2) preserve the privacy of honest users, so owners of non-revoked certificates cannot be easily identified and tracked by eavesdroppers. A promising design to address these requirements is the Security Credential Management System (SCMS), which is currently among the main candidates for protecting V2X communications in the United States. Even though SCMS provides efficient, scalable and privacy-preserving mechanisms for managing V2X-oriented certificates, in this article we show that its certificate revocation process can be further enhanced. Namely, we present two birthday attacks against SCMS's revocation process, both of which degrade the system's security as time passes and more certificates are revoked. We then describe an alternative design to prevent such security degradation with minimal computational overhead. In complement to these security gains, we also describe a mechanism for improving the flexibility of the revocation procedure, allowing certificates (as well as their owner's privacy) to be temporarily revoked in an efficient manner. This should be useful, for example, to implement suspension mechanisms or to aid in investigations by law-enforcement authorities
Accelerated V2X provisioning with Extensible Processor Platform
With the burgeoning Vehicle-to-Everything (V2X) communication, security and privacy concerns are paramount. Such concerns are usually mitigated by combining cryptographic mechanisms with a suitable key management architecture. However, cryptographic operations may be quite resource-intensive, placing a considerable burden on the vehicle’s V2X computing unit. To assuage this issue, it is reasonable to use hardware acceleration for common cryptographic primitives, such as block ciphers, digital signature schemes, and key exchange protocols. In this scenario, custom extension instructions can be a plausible option, since they achieve fine-tuned hardware acceleration with a low to moderate logic overhead, while also reducing code size. In this article, we apply this method along with dual-data memory banks for the hardware acceleration of the PRESENT block cipher, as well as for the finite field arithmetic employed in cryptographic primitives based on Curve25519 (e.g., EdDSA and X25519). As a result, when compared with a state-of-the-art software-optimized implementation, the performance of PRESENT is improved by a factor of 17 to 34 and code size is reduced by 70%, with only a 4.37% increase in FPGA logic overhead. In addition, we improve the performance of operations over Curve25519 by a factor of ~2.5 when compared to an Assembly implementation on a comparable processor, with moderate logic overhead (namely, 9.1%). Finally, we achieve significant performance gains in the V2X provisioning process by leveraging our hardware-accelerated cryptographic primitives
Armodafinil improves wakefulness and long-term episodic memory in nCPAP-adherent patients with excessive sleepiness associated with obstructive sleep apnea
Residual excessive sleepiness (ES) and impaired cognition can occur despite effective and regular nasal continuous positive airway pressure (nCPAP) therapy in some patients with obstructive sleep apnea (OSA). A pooled analysis of two 12-week, randomized, double-blind studies in nCPAP-adherent patients with ES associated with OSA evaluated the effect of armodafinil on wakefulness and cognition. Three hundred and ninety-one patients received armodafinil (150 or 250 mg) and 260 patients received placebo once daily for 12 weeks. Efficacy assessments included the Maintenance of Wakefulness Test (MWT), Cognitive Drug Research cognitive performance battery, Epworth Sleepiness Scale, and Brief Fatigue Inventory. Adverse events were monitored. Armodafinil increased mean MWT sleep latency from baseline to final visit by 2.0 min vs a decrease of 1.5 min with placebo (P < 0.0001). Compared with placebo, armodafinil significantly improved quality of episodic secondary memory (P < 0.05) and patients’ ability to engage in activities of daily living (P < 0.0001) and reduced fatigue (P < 0.01). The most common adverse events were headache, nausea, and insomnia. Armodafinil did not adversely affect desired nighttime sleep, and nCPAP use remained high (approximately 7 h/night). Adjunct treatment with armodafinil significantly improved wakefulness, long-term memory, and patients’ ability to engage in activities of daily living in nCPAP-adherent individuals with ES associated with OSA. Armodafinil also reduced patient-reported fatigue and was well tolerated
Lack of clinical efficacy of imatinib in metastatic melanoma
This two-centre phase-II trial aimed at investigating the efficacy of imatinib in metastasised melanoma patients in correlation to the tumour expression profile of the imatinib targets c-kit and platelet-derived growth factor receptor (PDGF-R). The primary study end point was objective response according to RECIST, secondary end points were safety, overall and progression-free survival. In all, 18 patients with treatment-refractory advanced melanoma received imatinib 800 mg day⁻¹. In 16 evaluable patients no objective responses could be observed. The median overall survival was 3.9 months, the median time to progression was 1.9 months. Tumour biopsy specimens were obtained from 12 patients prior to imatinib therapy and analysed for c-kit, PDGF-Rα and -Rβ expression by immunohistochemistry. In four cases, cell lines established from these tumour specimens were tested for the antiproliferative effects of imatinib and for functional mutations of genes encoding the imatinib target molecules. The tumour specimens stained positive for CD117/c-kit in nine out of 12 cases (75%), for PDGF-Rα in seven out of 12 cases (58%) and for PDGF-Rβ in eight out of 12 cases (67%). The melanoma cell lines showed a heterogenous expression of the imatinib target molecules without functional mutations in the corresponding amino-acid sequences. In vitro imatinib treatment of the cell lines showed no antiproliferative effect. In conclusion, this study did not reveal an efficacy of imatinib in advanced metastatic melanoma, regardless of the expression pattern of the imatinib target molecules c-kit and PDGF-R
Schnorr-Based Implicit Certification: Improving the Security and Efficiency of Vehicular Communications
In the implicit certification model, the process of verifying the validity of the signer's public key is combined with the verification of the signature itself. When compared to traditional, explicit certificates, the main advantage of the implicit approach lies in the shorter public key validation data. This property is particularly important in resource-constrained scenarios where public key validation is performed very often, which is common in vehicular communications (V2X) that employ pseudonym certificates. In this article, we show that an alternative, Schnorr-based implicit certification procedure can improve the efficiency of a popular V2X-oriented Vehicular Public Key Infrastructure (VPKI), the Security Credential Management System (SCMS). As an additional contribution, we show that SCMS's underlying certificate provisioning procedure, based on butterfly keys, is vulnerable to existential forgery attacks under certain conditions. We then discuss how this issue can be fixed in an effective and efficient manner
- …