Jorden Whitefield scite author profile

Abstract-In this paper, we propose a novel secure and privacypreserving solution for V2X systems leveraging widely accepted trusted computing technologies. Our approach systematically addresses all key aspects, i.e., security, privacy and accountability (revocation). By reflecting on state-of-the-art pseudonym architectures, we identify their limitations focusing on pseudonym reusage policies and revocation mechanisms. We propose the use of Direct Anonymous Attestation (DAA) algorithms to enhance existing V2X security architectures. The novelty of our proposed solution is its decentralized approach in shifting trust from the infrastructure to vehicles. Applying DAA in V2X enables enhanced privacy protection than is possible in current architectures through user-controlled linkability. The paper presents the incorporation of DAA algorithms within V2X together with rigorous security and privacy arguments.

show abstract

Formal Analysis and Implementation of a TPM 2.0-based Direct Anonymous Attestation Scheme

Wesemeyer

Newton

Treharne

et al. 2020

View full text Add to dashboard Cite

Direct Anonymous Attestation (Daa) is a set of cryptographic schemes used to create anonymous digital signatures. To provide additional assurance, Daa schemes can utilise a Trusted Platform Module (Tpm) that is a tamper-resistant hardware device embedded in a computing platform and which provides cryptographic primitives and secure storage. We extend Chen and Li's Daa scheme to support: 1) signing a message anonymously, 2) self-certifying Tpm keys, and 3) ascertaining a platform's state as recorded by the Tpm's platform configuration registers (PCR) for remote attestation, with explicit reference to Tpm 2.0 API calls. We perform a formal analysis of the scheme and are the first symbolic models to explicitly include the low-level Tpm call details. Our analysis reveals that a fix proposed by Whitefield et al. to address an authentication attack on an Ecc-Daa scheme is also required by our scheme. Developing a finegrained, formal model of a Daa scheme contributes to the growing body of work demonstrating the use of formal tools in supporting security analyses of cryptographic protocols. We additionally provide and benchmark an open-source C++ implementation of this Daa scheme supporting both a hardware and a software Tpm and measure its performance.

show abstract

Formal Analysis of V2X Revocation Protocols

Whitefield

Chen

Kargl

et al. 2017

View full text Add to dashboard Cite

Research on vehicular networking (V2X) security has produced a range of security mechanisms and protocols tailored for this domain, addressing both security and privacy. Typically, the security analysis of these proposals has largely been informal. However, formal analysis can be used to expose flaws and ultimately provide a higher level of assurance in the protocols. This paper focusses on the formal analysis of a particular element of security mechanisms for V2X found in many proposals, that is the revocation of malicious or misbehaving vehicles from the V2X system by invalidating their credentials. This revocation needs to be performed in an unlinkable way for vehicle privacy even in the context of vehicles regularly changing their pseudonyms. The Rewire scheme by Förster et al. and its subschemes Plain and R-token aim to solve this challenge by means of cryptographic solutions and trusted hardware. Formal analysis using the Tamarin prover identifies two flaws: one previously reported in the literature concerned with functional correctness of the protocol, and one previously unknown flaw concerning an authentication property of the R-token scheme. In response to these flaws we propose Obscure Token (O-token), an extension of Rewire to enable revocation in a privacy preserving manner. Our approach addresses the functional and authentication properties by introducing an additional key-pair, which offers a stronger and verifiable guarantee of successful revocation of vehicles without resolving the long-term identity. Moreover O-token is the first V2X revocation protocol to be co-designed with a formal model.

show abstract

A Symbolic Analysis of ECC-Based Direct Anonymous Attestation

Whitefield

Chen

Sasse

et al. 2019

View full text Add to dashboard Cite

Direct Anonymous Attestation (DAA) is a cryptographic scheme that provides Trusted Platform Module (TPM)backed anonymous credentials. We develop TAMARIN modelling of the ECC-based version of the protocol as it is standardised and provide the first mechanised analysis of this standard. Our analysis confirms that the scheme is secure when all TPMs are assumed honest, but reveals a break in the protocol's expected authentication and secrecy properties for all TPMs even if only one is compromised. We propose and formally verify a minimal fix to the standard. In addition to developing the first formal analysis of ECC-DAA, the paper contributes to the growing body of work demonstrating the use of formal tools in supporting standardisation processes for cryptographic protocols.

show abstract

Symbolic Reachability Analysis of B Through ProB and LTSmin

Bendisposto

Körner

Leuschel

et al. 2016

View full text Add to dashboard Cite

Abstract. We present a symbolic reachability analysis approach for B that can provide a significant speedup over traditional explicit state model checking. The symbolic analysis is implemented by linking ProB to LTSmin, a high-performance language independent model checker. The link is achieved via LTSmin's Pins interface, allowing ProB to benefit from LTSmin's analysis algorithms, while only writing a few hundred lines of glue-code, along with a bridge between ProB and C using ØMQ. ProB supports model checking of several formal specification languages such as B, Event-B, Z and Tla + . Our experiments are based on a wide variety of B-Method and Event-B models to demonstrate the efficiency of the new link. Among the tested categories are state space generation and deadlock detection; but action detection and invariant checking are also feasible in principle. In many cases we observe speedups of several orders of magnitude. We also compare the results with other approaches for improving model checking, such as partial order reduction or symmetry reduction. We thus provide a new scalable, symbolic analysis algorithm for the B-Method and Event-B, along with a platform to integrate other model checking improvements via LTSmin in the future.

show abstract

5G zero trust – A Zero-Trust Architecture for Telecom

Olsson¹,

Shorov²,

Abdelrazek³

et al. 2021

Eric. Tech. Rev.

View full text Add to dashboard Cite

show abstract

Formal Analysis of V2X Revocation Protocols

Whitefield¹,

Chen²,

Kargl³

et al. 2017

Preprint

View full text Add to dashboard Cite

Formal analysis and applications of direct anonymous attestation.

Whitefield¹

2020

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.