research-article

Securing V2X Communications for the Future: Can PKI Systems offer the answer?

Authors:

Thanassis Giannetsos,

Ioannis KrontirisAuthors Info & Claims

ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security

Article No.: 95, Pages 1 - 8

https://doi.org/10.1145/3339252.3340523

Published: 26 August 2019 Publication History

Abstract

Over recent years, emphasis in secure V2X communications research has converged on the use of Vehicular Public Key Infrastructures (VPKIs) for credential management and privacy-friendly authentication services. However, despite the security and privacy guarantees offered by such solutions, there are still a number of challenges to be conquered. By reflecting on state-of-the-art PKI-based architectures, in this paper, we identify their limitations focusing on scalability, interoperability, pseudonym reusage policies and revocation mechanisms. We argue that in their current form such mechanisms cannot capture the strict security, privacy, and trust requirements of all involved stakeholders. Motivated by these weaknesses, we then proceed on proposing the use of trusted computing technologies as an enabler for more decentralized approaches where trust is shifted from the back-end infrastructure to the edge. We debate on the advantages offered and underline the specifis of such a novel approach based on the use of advanced cryptographic primitives, using Direct Anonymous Attestation (DAA) as a concrete example. Our goal is to enhance run-time security, privacy and trustworthiness of edge devices with a scalable and decentralized solution eliminating the need for federated infrastructure trust. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them.

References

[1]

L. Chunli and T. L. Fang, "The Application Mode in Urban Transportation Management Based on Internet of Things," in Proceedings of the 2nd International Conference on Electric Technology and Civil Engineering (ICETCE), May 2012.

Digital Library

[2]

PRESERVE, "Preparing secure V2X communication systems," 2011, https://preserve-project.eu/ {Online; accessed 26-August-2017}.

[3]

Z. Xiong, H. Sheng, W. Rong, and D. E. Cooper, "Intelligent transportation systems for smart cities: a progress review," Science China Information Sciences, 2012.

[4]

S. Gisdakis, T. Giannetsos, and P. Papadimitratos, "SPPEAR: Security & Privacy-preserving Architecture for Participatory-sensing Applications," in Proceedings of the 2014 ACM Conference on Security and Privacy in Wireless & Mobile Networks, ser. WiSec '14. New York, NY, USA: ACM, 2014, pp. 39--50.

Digital Library

[5]

P. Golle and K. Partridge, "On the anonymity of home/work location pairs," in Proceedings of the 7th International Conference on Pervasive Computing, ser. Pervasive '09. Berlin, Heidelberg: Springer-Verlag, 2009, pp. 390--397.

Digital Library

[6]

"Intelligent Transport Systems (ITS); Security; Security Header and Certificate Formats," Technical Specification, October 2017.

[7]

ETSI, "Trust and Privacy Management," 2012, http://www.etsi.org/deliver/etsi_ts/102900_102999/102941/01.01.01_60/ts_102941v010101p.pdf {Online; accessed 26-August-2017}.

[8]

L. Gollan and C. Meinel, "Digital Signatures For Automobiles?!" in Proceedings of Systemics, Cybernetics and Informatics (SCI), July 2002, pp. 1--5.

[9]

J. Petit, F. Schaub, M. Feiri, and F. Kargl, "Pseudonym schemes in vehicular networks: A survey," IEEE Communications Surveys Tutorials, vol. 17, no. 1, pp. 228--255, 2015.

Digital Library

[10]

S. Gisdakis, M. Lagana, T. Giannetsos, and P. Papadimitratos, "SEROSA: service oriented security architecture for vehicular communications," in VNC. IEEE, 2013, pp. 111--118.

[11]

M. Gerlach, "Assessing and Improving Privacy in VANETs," in Proceedings of the 4th Workshop on Embedded Security in Cars (ESCAR), 2006.

[12]

W. Whyte, A. Weimerskirch, V. Kumar, and T. Hehn, "A security credential management system for V2V communications," in 2013 IEEE Vehicular Networking Conference ((VNC'13), Dec 2013, pp. 1--8.

[13]

T. Kosch, C. J. Adler, S. Eichler, C. Schroth, and M. Strassberger, "The scalability problem of vehicular ad hoc networks and how to solve it," IEEE Wireless Communications, vol. 13, no. 5, pp. 22--28, October 2006.

Digital Library

[14]

T. Lee, C. Pappas, P. Szalachowski, and A. Perrig, "Towards Sustainable Evolution for the TLS Public-Key Infrastructure," in Proceedings of the 2018 on Asia Conference on Computer and Communications Security, ser. ASIACCS '18, 2018, pp. 637--649.

Digital Library

[15]

5GPPP, "5g Automotive Vision," 2015.

[16]

J. Whitefield, L. Chen, T. Giannetsos, S. Schneider, and H. Treharne, "Privacy-enhanced capabilities for VANETs using direct anonymous attestation," in 2017 IEEE Vehicular Networking Conference (VNC), Nov 2017, pp. 123--130.

[17]

E. F. Brickell, J. Camenisch, and L. Chen, "Direct anonymous attestation," in ACM Conference on Computer and Communications Security, CCS, 2004.

Digital Library

[18]

S. Lefèvre, J. Petit, R. Bajcsy, C. Laugier, and F. Kargl, "Impact of V2X privacy strategies on Intersection Collision Avoidance systems," in 2013 IEEE Vehicular Networking Conference, Dec 2013, pp. 71--78.

[19]

"Processing personal data in the context of C-ITS," Document, March 2017.

[20]

"A European strategy on Cooperative Intelligent Transport Systems, a milestone towards cooperative, connected and automated mobility," COM(2016) 766 final, November 2016.

[21]

"Opinion 03/2017 on Processing personal data in the context of Cooperative Intelligent Transport Systems (C-ITS)," Document, October 2017.

[22]

F. Schaub, Z. Ma, and F. Kargl, "Privacy Requirements in Vehicular Communication Systems," in 2009 International Conference on Computational Science and Engineering, vol. 3, Aug 2009, pp. 139--145.

Digital Library

[23]

J. R. Douceur, "The sybil attack," in Peer-to-Peer Systems, First International Workshop, IPTPS, 2002.

Digital Library

[24]

M. Khodaei and P. Papadimitratos, "The key to intelligent transportation: Identity and credential management in vehicular communication systems," IEEE Vehicular Technology Magazine, vol. 10, no. 4, pp. 63--69, Dec 2015.

[25]

P. Papadimitratos, L. Buttyan, T. Holczer, E. Schoch, J. Freudiger, M. Raya, Z. Ma, F. Kargl, A. Kung, and J. Hubaux, "Secure vehicular communication systems: design and architecture," IEEE Communications Magazine, vol. 46, no. 11, 2008.

Digital Library

[26]

B. Weyl, O. Henniger, A. Ruddle, H. Seudié, M. Wolf, and T. Wollinger, "Securing vehicular on-board IT systems: The EVITA Project," in proceedings of the 25th Joint VDI/VW Automotive Security Conference, Ingolstadt, Germany, Oct. 2009.

[27]

P. Papadimitratos, L. Buttyan, J.-P. Hubaux, F. Kargl, A. Kung, and M. Raya, "Architecture for Secure and Private Vehicular Communications," in IEEE International Conference on ITS Telecommunications (ITST), Sophia Antipolis, France, June 2007, pp. 1--6.

[28]

PRECIOSA, "PRivacy Enabled Capability In Cooperative Systems and Safety Applications - D1," Nov. 2009. {Online}. Available: http://www.preciosa-project.org/

[29]

"Security requirements of vehicle security architecture," Tech. Rep., June 2011.

[30]

M. Wolf and T. Gendrullis, "Design, implementation, and evaluation of a vehicular hardware security module," in Proceedings of the 14th International Conference on Information Security and Cryptology, ser. ICISC'11, 2012, pp. 302--318.

Digital Library

[31]

J. H. Saltzer and M. D. Schroeder, "The protection of information in computer systems," Proceedings of the IEEE, vol. 63, no. 9, pp. 1278--1308, Sep. 1975.

[32]

"Intelligent Transport Systems (ITS); Security; Security Services and Architecture," Technical Specification, September 2010.

[33]

M. Moser, D. Estor, M. Minzlaff, A. Weimerskirch, and L. Wolleschensky, "Operating a Car-to-X PKI - Challenges for Security and Privacy," in FISITA World Automotive Congress, June 2014.

[34]

S. S. Wu, R. V. Sabett, D. S. Chokhani, D. W. S. Ford, and C. C. R. Merrill, "Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework," RFC 3647, Nov. 2003.

[35]

B. Wiedersheim, Z. Ma, F. Kargl, and P. Papadimitratos, "Privacy in inter-vehicular networks: Why simple pseudonym change is not enough," in Seventh International Conference on Wireless On-demand Network Systems and Services (WONS), Feb 2010, pp. 176--183.

Digital Library

[36]

M. E. Nowatkowski, J. E. Wolfgang, C. McManus, and H. L. Owen, "The effects of limited lifetime pseudonyms on certificate revocation list size in VANETS," in Proceedings of the IEEE SoutheastCon 2010 (SoutheastCon), March 2010, pp. 380--383.

[37]

M. Zhao, J. Walker, and C.-C. Wang, "Security challenges for the intelligent transportation system," in Security of Internet of Things, ser. SecurIT '12, 2012.

Digital Library

[38]

B. Edelman, "Adverse Selection in Online 'Trust' Certifications and Search Results," in Electronic Commerce Research and Applications 10, 2011, pp. 17--25.

Digital Library

[39]

J. J. Haas, Y.-C. Hu, and K. P. Laberteaux, "Efficient certificate revocation list organization and distribution," IEEE J. Sel. A. Commun., vol. 29, no. 3, pp. 595--604, Mar. 2011.

Digital Library

[40]

Trusted Computing Group, "Trusted Platform Module (TPM) | Trusted Computing Group (TPM)," https://trustedcomputinggroup.org/work-groups/trusted-platform-module/ {Online; accessed 26-August-2017}.

[41]

J. Winter, "Trusted Computing Building Blocks for Embedded Linux-based ARM Trustzone Platforms," in Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, ser. STC '08, 2008, pp. 21--30.

Digital Library

[42]

R. Maes, Physically Unclonable Functions: Constructions, Properties and Applications. Springer Publishing Company, Incorporated, 2013.

[43]

J. Camenisch, M. Drijvers, and A. Lehmann, "Anonymous Attestation with Subverted TPMs," in Advances in Cryptology - CRYPTO 2017, 2017, pp. 427--461.

[44]

S. Goldwasser, S. Micali, and C. Rackoff, "The knowledge complexity of interactive proof systems," SIAM Journal on computing, 1989.

Digital Library

[45]

D. Förster, H. Löhr, J. Zibuschka, and F. Kargl, "REWIRE -- Revocation Without Resolution: A Privacy-Friendly Revocation Mechanism for Vehicular Ad-Hoc Networks," in Trust and Trustworthy Computing, 2015.

Cited By

Ying ZWang KXiong JMa M(2024)A literature review on V2X communications security: Foundation, solutions, status, and futureIET Communications10.1049/cmu2.12778Online publication date: 14-Jun-2024
https://doi.org/10.1049/cmu2.12778
Angelogianni AKrontiris IGiannetsos T(2023)Comparative Evaluation of PKI and DAA-based Architectures for V2X Communication Security2023 IEEE Vehicular Networking Conference (VNC)10.1109/VNC57357.2023.10136316(199-206)Online publication date: 26-Apr-2023
https://doi.org/10.1109/VNC57357.2023.10136316
Sedar RKalalas CVazquez-Gallego FAlonso LAlonso-Zarate J(2023)A Comprehensive Survey of V2X Cybersecurity Mechanisms and Future Research PathsIEEE Open Journal of the Communications Society10.1109/OJCOMS.2023.32391154(325-391)Online publication date: 2023
https://doi.org/10.1109/OJCOMS.2023.3239115
Show More Cited By

Index Terms

Securing V2X Communications for the Future: Can PKI Systems offer the answer?
1. Security and privacy
  1. Security services
    1. Privacy-preserving protocols
    2. Pseudonymity, anonymity and untraceability

Recommendations

Direct anonymous attestation on the road: efficient and privacy-preserving revocation in C-ITS
WiSec '21: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks

Vehicular networks rely on Public Key Infrastructure (PKIs) to generate long-term and short-term pseudonyms that protect vehicle's privacy. Instead of relying on a complex and centralized ecosystem of PKI entities, a more scalable solution is to rely on ...
Research and Security Analysis of Anonymous Identity Authentication in Trusted Computing
NISS '09: Proceedings of the 2009 International Conference on New Trends in Information and Service Science

This paper introduces two anonymous identity authentication solution adopted by the Trusted Computing Group, i.e. privacy certification authority (Privacy CA) and direct anonymous attestation scheme (DAA). Both of the two solutions provide a means for ...
Simplified security notions of direct anonymous attestation and a concrete scheme from pairings

Direct Anonymous Attestation (DAA) is a cryptographic mechanism that enables remote authentication of a user while preserving privacy under the user’s control. The DAA scheme developed by Brickell, Camenisch, and Chen has been adopted by the Trust ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security

August 2019

979 pages

ISBN:9781450371643

DOI:10.1145/3339252

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 August 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ARES '19

ARES '19: 14th International Conference on Availability, Reliability and Security

August 26 - 29, 2019

CA, Canterbury, United Kingdom

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

14
Total Citations
View Citations
311
Total Downloads

Downloads (Last 12 months)22
Downloads (Last 6 weeks)1

Reflects downloads up to 19 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Ying ZWang KXiong JMa M(2024)A literature review on V2X communications security: Foundation, solutions, status, and futureIET Communications10.1049/cmu2.12778Online publication date: 14-Jun-2024
https://doi.org/10.1049/cmu2.12778
Angelogianni AKrontiris IGiannetsos T(2023)Comparative Evaluation of PKI and DAA-based Architectures for V2X Communication Security2023 IEEE Vehicular Networking Conference (VNC)10.1109/VNC57357.2023.10136316(199-206)Online publication date: 26-Apr-2023
https://doi.org/10.1109/VNC57357.2023.10136316
Sedar RKalalas CVazquez-Gallego FAlonso LAlonso-Zarate J(2023)A Comprehensive Survey of V2X Cybersecurity Mechanisms and Future Research PathsIEEE Open Journal of the Communications Society10.1109/OJCOMS.2023.32391154(325-391)Online publication date: 2023
https://doi.org/10.1109/OJCOMS.2023.3239115
Schmitt CKörner JLeuck SEdmonds K(2023)CerDES - A Certificateless DTLS-Based Encryption Solution for IEEE 802.15.4 Drone Communications2023 IEEE/AIAA 42nd Digital Avionics Systems Conference (DASC)10.1109/DASC58513.2023.10311308(1-10)Online publication date: 1-Oct-2023
https://doi.org/10.1109/DASC58513.2023.10311308
Salin H(2023)Pseudonym Swapping with Secure Accumulators and Double Diffie-Hellman Rounds in Cooperative Intelligent Transport SystemsRisks and Security of Internet and Systems10.1007/978-3-031-31108-6_17(223-238)Online publication date: 14-May-2023
https://doi.org/10.1007/978-3-031-31108-6_17
Yang ZAnh Dinh TYin CYao YYang DChang XZhou JDietrich SChowdhury OTakabi D(2022)LARP: A Lightweight Auto-Refreshing Pseudonym Protocol for V2XProceedings of the 27th ACM on Symposium on Access Control Models and Technologies10.1145/3532105.3535027(49-60)Online publication date: 7-Jun-2022
https://dl.acm.org/doi/10.1145/3532105.3535027
Moya Osorio DAhmad ISanchez JGurtov AScholliers JKutila MPorambage P(2022)Towards 6G-Enabled Internet of Vehicles: Security and PrivacyIEEE Open Journal of the Communications Society10.1109/OJCOMS.2022.31430983(82-105)Online publication date: 2022
https://doi.org/10.1109/OJCOMS.2022.3143098
Kristianto ENguyen VLin P(2022)Decentralized Public-Key Infrastructure With Blockchain in V2X Communications: Promising or Only Euphoria?IEEE Security and Privacy10.1109/MSEC.2022.314172720:4(40-50)Online publication date: 1-Jul-2022
https://dl.acm.org/doi/10.1109/MSEC.2022.3141727
Erceylan GAkcayol M(2022)Trust-Chain-Based Certificate Revocation Control in Autonomous Vehicle Networks2022 5th International Conference on Information and Communications Technology (ICOIACT)10.1109/ICOIACT55506.2022.9972060(42-47)Online publication date: 24-Aug-2022
https://doi.org/10.1109/ICOIACT55506.2022.9972060
Didouh ALabiod HHillali YRivenq A(2022)Blockchain-Based Collaborative Certificate Revocation Systems Using ClusteringIEEE Access10.1109/ACCESS.2022.316017110(51487-51500)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3160171
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents