A security credential management system for V2V communications
01 Dec 2013-pp 1-8
TL;DR: This system is currently being finalized, and it is the leading candidate design for the V2V security backend design in the US, subject to review by the US Department of Transportation and other stakeholders.
Abstract: We present a security credential management system for vehicle-to-vehicle communications, which has been developed under a Cooperative Agreement with the US Department of Transportation. This system is currently being finalized, and it is the leading candidate design for the V2V security backend design in the US, subject to review by the US Department of Transportation and other stakeholders. It issues digital certificates to participating vehicles for establishing trust among them, which is necessary for safety applications based on vehicle-to-vehicle communications. It supports four main use cases, namely, bootstrapping, certificate provisioning, misbehavior reporting and revocation. The main design goal is to provide both security and privacy to the largest extent reasonable and possible. To achieve the latter, vehicles are issued pseudonym certificates, and the provisioning of those certificates is divided among multiple organizations. One of the main challenges is to facilitate efficient revocation while providing privacy against attacks from insiders.
Citations
More filters
TL;DR: This paper presents an extensive overview of VANET security characteristics and challenges as well as requirements, and gives the details of the recent security architectures and the well-known security standards protocols.
471 citations
Cites background or methods from "A security credential management sy..."
...Confidentiality NHTSA and ETSI via symmetric and asymmetric encryption....
[...]
...Node impersonation Authentication Integrity Non-repudiation [2,37,39,41] Masquerading Authentication Non-repudiation Integrity [25,47] Routing: Authentication [2,9,48] Blackhole, Greyhole, Wormhole, Tunnelling Availability Confidentiality Integrity GPS spoofing/Position faking Authentication Privacy [25,35,58] Timing attack Availability [9,24,36] Replay Authentication Integrity Non-repudiation [2,25,43] Illusion attack Authentication Integrity [25,35,58] Jamming Availability [35,57] Key and/or certificate replication (unauthorized access) Authentication Confidentiality [3,24,30,33,38,39] Loss of event traceability (Repudiation) Non-repudiation [9,41,33] For Replay attack: Use time stamping technique for sensitive packets [43] or timestamp all messages by broadcasting time (UTC or GNSS), or digitally sign and include sequence number in each message [25]....
[...]
...Attacks Compromised services Solutions Tracking Privacy [2,3,12,24–32] Traffic analysis Confidentiality [2,12,14,15,23,32] Eavesdropping Information disclosure Authentication Privacy [2] DOS Authentication Availability [1,2,24,33–36] Sybil attack Authentication Availability [3,8,9,37–44] Malware Availability [41,41] Spamming Confidentiality Man in the middle attack Authentication Confidentiality Integrity Non-repudiation [9,36,45–47] Brute force Authentication Confidentiality [49,48,49] Tampering Hardware Confidentiality Privacy Control of manufacturer users’ job....
[...]
...Tracking Privacy [2,3,12,24–32] Traffic analysis Confidentiality [2,12,14,15,23,32] Eavesdropping Information disclosure Authentication Privacy [2]...
[...]
...NHTSA proposed a security architecture [12] based on PKI....
[...]
01 Feb 2020
TL;DR: A survey on various ML techniques applied to communication, networking, and security parts in vehicular networks and envision the ways of enabling AI toward a future 6G vehicular network, including the evolution of intelligent radio (IR), network intelligentization, and self-learning with proactive exploration.
Abstract: As a powerful tool, the vehicular network has been built to connect human communication and transportation around the world for many years to come. However, with the rapid growth of vehicles, the vehicular network becomes heterogeneous, dynamic, and large scaled, which makes it difficult to meet the strict requirements, such as ultralow latency, high reliability, high security, and massive connections of the next-generation (6G) network. Recently, machine learning (ML) has emerged as a powerful artificial intelligence (AI) technique to make both the vehicle and wireless communication highly efficient and adaptable. Naturally, employing ML into vehicular communication and network becomes a hot topic and is being widely studied in both academia and industry, paving the way for the future intelligentization in 6G vehicular networks. In this article, we provide a survey on various ML techniques applied to communication, networking, and security parts in vehicular networks and envision the ways of enabling AI toward a future 6G vehicular network, including the evolution of intelligent radio (IR), network intelligentization, and self-learning with proactive exploration.
414 citations
Cites background from "A security credential management sy..."
...Jamming and eavesdropping are two primary attacks in networks, and the vehicular public key infrastructure (PKI) and elliptic curve digital signature algorithm (ECDSA) have been proposed to be the two main security architectures to ensure the confidential communication from malicious attacks [36], [37]....
[...]
TL;DR: This study presents a first look at the effects of security attacks on the communication channel as well as sensor tampering of a connected vehicle stream equipped to achieve CACC, and shows that an insider attack can cause significant instability in the CACC vehicle stream.
Abstract: Autonomous vehicles capable of navigating unpredictable real-world environments with little human feedback are a reality today. Such systems rely heavily on onboard sensors such as cameras, radar/LIDAR, and GPS as well as capabilities such as 3G/4G connectivity and V2V/V2I communication to make real-time maneuvering decisions. Autonomous vehicle control imposes very strict requirements on the security of the communication channels used by the vehicle to exchange information as well as the control logic that performs complex driving tasks such as adapting vehicle velocity or changing lanes. This study presents a first look at the effects of security attacks on the communication channel as well as sensor tampering of a connected vehicle stream equipped to achieve CACC. Our simulation results show that an insider attack can cause significant instability in the CACC vehicle stream. We also illustrate how different countermeasures, such as downgrading to ACC mode, could potentially be used to improve the security and safety of the connected vehicle streams.
337 citations
Additional excerpts
...The Security Credential Management System (SCMS), developed under a cooperative agreement with the United States Department of Transportation (USDOT), is currently the leading candidate for V2V security backend design in the U.S. [4]....
[...]
TL;DR: In this article, the authors present misbehavior detection mechanisms that can detect insider attacks based on attacker behavior and information analysis, which aligns better with highly application-tailored communication protocols foreseen for cooperative intelligent transportation systems.
Abstract: Cooperative intelligent transportation systems (cITS) are a promising technology to enhance driving safety and efficiency. Vehicles communicate wirelessly with other vehicles and infrastructure, thereby creating a highly dynamic and heterogeneously managed ad-hoc network. It is these network properties that make it a challenging task to protect integrity of the data and guarantee its correctness. A major component is the problem that traditional security mechanisms like public key infrastructure (PKI)-based asymmetric cryptography only exclude outsider attackers that do not possess key material. However, because attackers can be insiders within the network (i.e., possess valid key material), this approach cannot detect all possible attacks. In this survey, we present misbehavior detection mechanisms that can detect such insider attacks based on attacker behavior and information analysis. In contrast to well-known intrusion detection for classical IT systems, these misbehavior detection mechanisms analyze information semantics to detect attacks, which aligns better with highly application-tailored communication protocols foreseen for cITS. In our survey, we provide an extensive introduction to the cITS ecosystem and discuss shortcomings of PKI-based security. We derive and discuss a classification for misbehavior detection mechanisms, provide an in-depth overview of seminal papers on the topic, and highlight open issues and possible future research trends.
164 citations
01 Jul 2019
TL;DR: An overview of recent research on AV safety failures and security attacks, as well as the available safety and security countermeasures is presented.
Abstract: Autonomous vehicles (AVs) attract a lot of attention recently. They are expected to assist/replace the human drivers in maneuvering the vehicle, thereby reducing the likelihood of road accidents caused by human error, as a means to improve the road traffic safety. However, AVs have their inherent safety and security challenges, which have to be addressed before they are ready for wide adoption. This paper presents an overview of recent research on AV safety failures and security attacks, as well as the available safety and security countermeasures.
158 citations
References
More filters
[...]
TL;DR: It is shown that, without a logically centralized authority, Sybil attacks are always possible except under extreme and unrealistic assumptions of resource parity and coordination among entities.
Abstract: Large-scale peer-to-peer systems face security threats from faulty or hostile remote computing elements. To resist these threats, many such systems employ redundancy. However, if a single faulty entity can present multiple identities, it can control a substantial fraction of the system, thereby undermining this redundancy. One approach to preventing these "Sybil attacks" is to have a trusted agency certify identities. This paper shows that, without a logically centralized authority, Sybil attacks are always possible except under extreme and unrealistic assumptions of resource parity and coordination among entities.
4,816 citations
"A security credential management sy..." refers methods in this paper
...This would enable masquerading as multiple devices by compromising a single device (the so-called Sybil attack [20]) [21]....
[...]
01 Sep 1975
TL;DR: In this article, the authors explore the mechanics of protecting computer-stored information from unauthorized use or modification, focusing on those architectural structures-whether hardware or software-that are necessary to support information protection.
Abstract: This tutorial paper explores the mechanics of protecting computer-stored information from unauthorized use or modification. It concentrates on those architectural structures-whether hardware or software-that are necessary to support information protection. The paper develops in three main sections. Section I describes desired functions, design principles, and examples of elementary protection and authentication mechanisms. Any reader familiar with computers should find the first section to be reasonably accessible. Section II requires some familiarity with descriptor-based computer architecture. It examines in depth the principles of modern protection architectures and the relation between capability systems and access control list systems, and ends with a brief analysts of protected subsystems and protected objects. The reader who is dismayed by either the prerequisites or the level of detail in the second section may wish to skip to Section III, which reviews the state of the art and current research projects and provides suggestions for further reading.
2,063 citations
15 Aug 2004
TL;DR: In this article, the authors proposed a group signature scheme based on the Strong Diffie-Hellman assumption and a new assumption in bilinear groups called the Decision Linear assumption.
Abstract: We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the Strong Diffie-Hellman assumption and a new assumption in bilinear groups called the Decision Linear assumption. We prove security of our system, in the random oracle model, using a variant of the security definition for group signatures recently given by Bellare, Micciancio, and Warinschi.
1,956 citations
Proceedings Article•
[...]
08 Apr 1991
TL;DR: A new type of signature for a group of persons, called a group signature, which has the following properties: only members of the group can sign messages; and if necessary, the signature can be "opened", so that the person who signed the message is revealed.
Abstract: In this paper we present a new type of signature for a group of persons, called a group signature, which has the following properties: (i) only members of the group can sign messages; (ii) the receiver can verify that it is a valid group signature, but cannot discover which group member made it; (iii) if necessary, the signature can be "opened", so that the person who signed the message is revealed.
The group signatures are a "generalization" of the credential/ membership authentication schemes, in which one person proves that he belongs to a certain group.
We present four schemes that satisfy the properties above. Not all these schemes arc based on the same cryptographic assumption. In some of the schemes a trusted centre is only needed during the setup; and in other schemes, each pason can create the group he belongs to.
1,853 citations
Journal Article•
TL;DR: In this paper, the authors proposed a group signature scheme based on the Strong Diffie-Hellman assumption and a new assumption in bilinear groups called the Decision Linear assumption.
Abstract: We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the Strong Diffie-Hellman assumption and a new assumption in bilinear groups called the Decision Linear assumption. We prove security of our system, in the random oracle model, using a variant of the security definition for group signatures recently given by Bellare, Micciancio, and Warinschi.
1,562 citations