Privacy and Scalability Analysis of Vehicular Combinatorial Certificate Schemes

White, Robert G.; Pietrowicz, Stanley; Berg, Eric van den; Crescenzo, Giovanni Di; Mok, Dennis; Ferrer, Richard; Zhang, Tao; Shim, Hyong Sop

doi:10.1109/ccnc.2009.4784924

Cited by 12 publications

(18 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thus, our results imply that drivers' privacy would be compromised if any of the two anonymous certificate schemes in [10,11,26] were deployed. The key feature that is exploited by our attacks is the reuse of certificates, suggesting that one-time pseudonyms are necessary to achieve a reasonable level of location privacy.…”

Section: Introductionmentioning

confidence: 90%

“…In this work we show that both schemes [10,11,26] fail to prevent the service provider from tracking vehicles and re-identifying their drivers. We present two attacks that exploit the time and location where anonymous certificates are (re-)used.…”

Section: Introductionmentioning

confidence: 99%

“…The IntelliDrive framework attempts to reconcile authentication and privacy requirements by using anonymous certificates that allow vehicles to send authenticated messages without revealing their actual identity [10,11,26]. The goal of these anonymous certificates, optimized for scalability, easy certificate management and revocation, is to ensure that the IntelliDrive service provider (or other entities) cannot link the message received at a particular location to the vehicle that sent it, and thus to preserve the anonymity of drivers and prevent vehicle tracking.…”

Section: Introductionmentioning

confidence: 99%

“…Further, we have also considered a weaker adversary, who does not know how sets of certificates have been distributed to vehicles (i.e., does not control the service provider and can only eavesdrop on the communications of vehicles). We find that one of the schemes, based on shared certificates [10,26], is also vulnerable to this adversary model. The attack reveals the sets of certificates associated with most vehicles, and recovers the trajectories that they have followed.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

On the difficulty of achieving anonymity for Vehicle-2-X communication

Troncoso¹,

Costa-Montenegro²,

Díaz³

et al. 2011

Computer Networks

View full text Add to dashboard Cite

a b s t r a c tVehicle-2-X communications are hailed as the future to improve safety on the roads. Ensuring that messages sent by vehicles contain correct information is crucial to fulfill this objective, as misleading information could disrupt traffic and create potentially dangerous situations. Thus, Vehicle-2-X communication requires authentication to ensure that messages come from legitimate vehicles, and to identify vehicles that send misleading information. If a unique public key certificate per vehicle is used to authenticate messages, then the identification of misbehaving (or malfunctioning) vehicles is straightforward, and so is the revocation of their credentials. This solution however, offers no privacy protection to drivers, as the tracking of all the vehicles' movements is equally trivial. A privacy-preserving alternative is to authenticate messages using (unlinkable) one-time pseudonyms, but these protocols are computationally expensive and their certificate revocation process is more complex. Intermediate solutions that trade off privacy and efficiency are based on multiple certificates per vehicle, which may or may not be unique, that are reused to authenticate messages. In this work we analyze two such intermediate solutions that have been proposed by IntelliDrive, US Department of Transportation (DoT). We show that by exploiting the reuse of pseudonyms and spatio-temporal constraints the service provider is capable of tracking a large percentage of vehicles. Furthermore, we find that one of the schemes fails to provide privacy even if the adversary does not control the service provider and only listens to the communications of vehicles.

show abstract

Section: Introductionmentioning

confidence: 90%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

On the difficulty of achieving anonymity for Vehicle-2-X communication

Troncoso¹,

Costa-Montenegro²,

Díaz³

et al. 2011

Computer Networks

View full text Add to dashboard Cite

show abstract

“…4. When a misbehaving vehicle causes certificate c k to be revoked, the CA bisects V(c k ) of size γ into V(c …”

Section: Anonymity Level Of the Proposed Schemementioning

confidence: 99%

Randomized Certificate Replacement with Bounded Collateral Damage

Yum

2015

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYTo accomplish secure communication in vehicular networks, public key infrastructure (PKI) can be employed. However, traditional PKI systems are not suitable because a unique certificate is assigned to each vehicle and thus no anonymity is guaranteed. In the combinatorial certificate schemes, each vehicle is assigned multiple certificates from a shared certificate pool and each certificate in the pool is assigned to multiple vehicles to achieve a level of anonymity. When a certificate assigned to a misbehaving vehicle is revoked, a certificate replacement procedure is executed to all vehicles sharing the certificate. To replace the revoked certificate, a randomized certificate replacement scheme probabilistically assigns different certificates to different vehicles, which can reduce collateral damage caused by repeatedly misusing a certificate and its replacement certificates. Unfortunately, previous randomized certificate replacement schemes allow unbounded collateral damage; a finite number of certificate replacements cannot detect the misbehaving vehicle with certainty. To address this problem, we propose a new randomized certificate replacement scheme with bounded collateral damage.

show abstract

Public Key Infrastructure for Vehicle Networks

Delgrossi

Zhang

2012

Vehicle Safety Communications

View full text Add to dashboard Cite

Privacy and Scalability Analysis of Vehicular Combinatorial Certificate Schemes

Cited by 12 publications

References 0 publications

On the difficulty of achieving anonymity for Vehicle-2-X communication

On the difficulty of achieving anonymity for Vehicle-2-X communication

Randomized Certificate Replacement with Bounded Collateral Damage

Public Key Infrastructure for Vehicle Networks

Contact Info

Product

Resources

About