Scaling pseudonymous authentication for large mobile systems

Khodaei, Mohammad; Noroozi, Hamid; Papadimitratos, Panos

doi:10.1145/3317549.3323410

Cited by 15 publications

(9 citation statements)

References 52 publications

(112 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Beyond vehicle sharing security and privacy, vehicular communications security and privacy received extensive attention over the years [46], [87], [88]. Recent results focus, for example, on scalable systems, notably for credential management [46], [89], [90], pseudonymous certificates for vehicle tracking protection [91], and decentralized cooperative defenses [92], [93]. Moreover, Qi et al [94] proposed an enhanced scheme of [95], namely, DUBI, a decentralized and privacy-preserving usage-based insurance scheme built on the blockchain technology to address privacy concerns for pay-asyou-drive insurances using zero-knowledge proofs and smart contracts.…”

Section: Related Workmentioning

confidence: 99%

HERMES: Scalable, Secure, and Privacy-Enhancing Vehicular Sharing-Access System

Symeonidis

Rotaru²,

Mustafa

et al. 2022

IEEE Internet Things J.

Self Cite

View full text Add to dashboard Cite

We propose HERMES, a scalable, secure, and privacy-enhancing system for users to share and access vehicles. HERMES securely outsources operations of vehicle access token (AT) generation to a set of untrusted servers. It builds on an earlier proposal, namely, SePCAR, and extends the system design for improved efficiency and scalability. To cater to system and user needs for secure and private computations, HERMES utilizes and combines several cryptographic primitives with secure multiparty computation (MPC) efficiently. It conceals secret keys of vehicles and transaction details from the servers, including vehicle booking details, AT information, and user and vehicle identities. It also provides user accountability in case of disputes. Besides, we provide semantic security analysis and prove that HERMES meets its security and privacy requirements. Last but not least, we demonstrate that HERMES is efficient and, in contrast to SePCAR, scales to a large number of users and vehicles, making it practical for real-world deployments. We build our evaluations with two different MPC protocols: 1) HtMAC-MiMC and 2) CBC-MAC-AES. Our results demonstrate that HERMES is in the range of milliseconds for generating an AT, whether it operates for a single-vehicle owner or a large rental-company branch with over 1000 vehicles; handling 546 and 84 AT generations per second, respectively. As a result, HERMES is an order of magnitude faster compared to SePCAR. Specifically, it delivers 696 (with HtMAC-MiMC) and 42 (with CBC-MAC-AES) more ATs compared to in SePCAR for a single-vehicle owner AT generation. Furthermore, we show that HERMES is practical on the vehicle side, too, as AT operations performed on a prototype vehicle on-board unit take only ≈ 62 ms.

show abstract

Section: Related Workmentioning

confidence: 99%

HERMES: Scalable, Secure, and Privacy-Enhancing Vehicular Sharing-Access System

Symeonidis

Rotaru²,

Mustafa

et al. 2022

IEEE Internet Things J.

Self Cite

View full text Add to dashboard Cite

show abstract

“…Preliminary assumptions: We leverage a state-of-the-art VPKI system [43], [54], [55] that provides pseudonyms in an on-demand fashion: each vehicle ''decides'' when to trigger the pseudonym acquisition process based on various factors [56], [57]. Such a scheme requires sparse connectivity to the VPKI, but it facilitates an OBU to be preloaded with pseudonyms proactively, covering a longer period, e.g., a week or a month, should the connectivity be expected heavily intermittent.…”

Section: Motivation and Overviewmentioning

confidence: 99%

“…Such a scheme requires sparse connectivity to the VPKI, but it facilitates an OBU to be preloaded with pseudonyms proactively, covering a longer period, e.g., a week or a month, should the connectivity be expected heavily intermittent. The efficiency, scalability and robustness of the VPKI system is systematically investigated [43], [54], [55], [56] with the VPKI handles a large workload. Moreover, it enhances user privacy, notably preventing linking pseudonyms based on timing information [38] (the instance of issuance and the pseudonym lifetime) as well as offers strong user privacy protection even in the presence of honest-but-curious VPKI entities.…”

Section: Motivation and Overviewmentioning

confidence: 99%

Scalable & Resilient Vehicle-Centric Certificate Revocation List Distribution in Vehicular Communication Systems

Khodaei

Papadimitratos

2021

IEEE Trans. on Mobile Comput.

Self Cite

View full text Add to dashboard Cite

In spite of progress in securing Vehicular Communication (VC) systems, there is no consensus on how to distribute Certificate Revocation Lists (CRLs). The main challenges lie exactly in (i) crafting an efficient and timely distribution of CRLs for numerous anonymous credentials, pseudonyms, (ii) maintaining strong privacy for vehicles prior to revocation events, even with honest-but-curious system entities, (iii) and catering to computation and communication constraints of on-board units with intermittent connectivity to the infrastructure. Relying on peers to distribute the CRLs is a double-edged sword: abusive peers could "pollute" the process, thus degrading the timely CRLs distribution. In this paper, we propose a vehicle-centric solution that addresses all these challenges and thus closes a gap in the literature. Our scheme radically reduces CRL distribution overhead: each vehicle receives CRLs corresponding only to its region of operation and its actual trip duration. Moreover, a "fingerprint" of CRL 'pieces' is attached to a subset of (verifiable) pseudonyms for fast CRL 'piece' validation (while mitigating resource depletion attacks abusing the CRL distribution). Our experimental evaluation shows that our scheme is efficient, scalable, dependable, and practical: with no more than 25 KB/s of traffic load, the latest CRL can be delivered to 95% of the vehicles in a region (15×15 KM) within 15s, i.e., more than 40 times faster than the state-of-the-art. Overall, our scheme is a comprehensive solution that complements standards and can catalyze the deployment of secure and privacy-protecting VC systems.

show abstract

“…Our scheme requires sparse connectivity to the VPKI, allowing an OBU to be preloaded with numerous pseudonyms proactively, covering a longer period, e.g., a week or a month (should the connectivity be relatively scarce). We assume that a state-of-the-art VPKIs, e.g., [7], [8], [75], can provide pseudonyms in a timely manner. Moreover, we assume the VPKI pseudonym lifetime policy is the same for all registered vehicles, so that timing information does not harm user privacy [8], [20].…”

Section: A System Model and Assumptionsmentioning

confidence: 99%

Cooperative Location Privacy in Vehicular Networks: Why Simple Mix-zones are not Enough

Khodaei,

Papadimitratos

2020

Preprint

Self Cite

View full text Add to dashboard Cite

Vehicular communications disclose rich information about the vehicles and their whereabouts. Pseudonymous authentication secures communication while enhancing user privacy. To enhance location privacy, cryptographic mix-zones were proposed to facilitate vehicles covertly transition to new ephemeral credentials. The resilience to (syntactic and semantic) pseudonym linking (attacks) highly depends on the geometry of the mix-zones, mobility patterns, vehicle density, and arrival rates. We introduce a tracking algorithm for linking pseudonyms before and after a cryptographically protected mix-zone. Our experimental results show that an eavesdropper, leveraging standardized vehicular communication messages and road layout, could successfully link ≈73% of pseudonyms during non-rush hours and ≈62% of pseudonyms during rush hours after vehicles change their pseudonyms in a mix-zone. To mitigate such inference attacks, we present a novel cooperative mix-zone scheme that enhances user privacy regardless of the vehicle mobility patterns, vehicle density, and arrival rate to the mix-zone. A subset of vehicles, termed relaying vehicles, are selected to be responsible for emulating non-existing vehicles. Such vehicles cooperatively disseminate decoy traffic without affecting safety-critical operations: with 50% of vehicles as relaying vehicles, the probability of linking pseudonyms (for the entire interval) drops from ≈68% to ≈18%. On average, this imposes 28 ms extra computation overhead, per second, on the Road-Side Units (RSUs) and 4.67 ms extra computation overhead, per second, on the (relaying) vehicle side; it also introduces 1.46 KB/sec extra communication overhead by (relaying) vehicles and 45 KB/sec by RSUs for the dissemination of decoy traffic. Thus, user privacy is enhanced at the cost of low computation and communication overhead.

show abstract

Scaling pseudonymous authentication for large mobile systems

Cited by 15 publications

References 52 publications

HERMES: Scalable, Secure, and Privacy-Enhancing Vehicular Sharing-Access System

HERMES: Scalable, Secure, and Privacy-Enhancing Vehicular Sharing-Access System

Scalable & Resilient Vehicle-Centric Certificate Revocation List Distribution in Vehicular Communication Systems

Cooperative Location Privacy in Vehicular Networks: Why Simple Mix-zones are not Enough

Contact Info

Product

Resources

About