hs-pseudonym-schemes-in-v2x/talk_notes.md

% notes ITS talk

- quite a long title, so let's 1st talk about ITS before we get to the Pseudonym Schemes

## ITS

- road traffic is still dangerous part of our everyday lives
- infrastructure assist safety
- recent years: decrease of traffic deaths
- probably also thanks to assistance systems
    - currently working on their own
- collaboration, proactively broadcast, communicate

- multiple standardization groups working on it
- survey focuses on middle layers
- GN: geograhical ad-hoc routing, broadcast unicast multicast

- constant communication, linkability
- location privacy: deriving location patterns of a single user
- authorized senders: message signing

## pseudonym schemes

- proposed solution: pseudonyms
    - must not be linkable
- we only want authorized vehicles to communicate

- a priori trusted: RootCA
- EA knows vehicle ID & public key
- AA trusts valid EA certificates
- pseudonym resolution: desirable for law enforcement agencies

## pseudonym change

- many strategies have been proposed
- C2C CC: statistical values:
    - shall achieve that locations significant to a user can't be linked together nor to the user
    - 0.8-1.5km, then each 0.8km or 2-6min
- vehicle-centric change strategies: depending on mobility, trajectory
- density-based
- cryptographic mix zones: symm. key from RSU
    - safety of collision avoidance systems

### advanced schemes

- identity-based:
    - advantage: no certificates needed as ID = key
    - disadvantage: splitting mapping information hard, Trusted Authority involved in key derivation
- group signature:
    - all members of group can sign for same public key
    - problems: group leader, group change -> re-setup of all group keys
- symmetric MACs:
    - less computation overhead
    - but not really practically usable, as signature checking is done by 3rd parties

## attacker model

- single-point:
    - communication with EA and AA encrypted, C2C 3 segments (reception range)
    - no cooperative change needed
- global passive:
    - cooperative change
    - cryptographic mix zones sufficient
- active: pseudonym depeltion
- active insider:
    - real silent periods needed, crypto mix zones don't work anymore
    - servers in the internet can't link IPv6 address thanks to stateless autoconfiguration
- special attacks:
    - pseudonym depletion attack
    - sybil attack
- privileged: accountability, resolution
    -  needs independent judicial systems and separation of powers
some minor talk flow additions 2018-07-16 20:06:48 +02:00			`% notes ITS talk`

			`- quite a long title, so let's 1st talk about ITS before we get to the Pseudonym Schemes`

			`## ITS`

			`- road traffic is still dangerous part of our everyday lives`
			`- infrastructure assist safety`
			`- recent years: decrease of traffic deaths`
			`- probably also thanks to assistance systems`
			`- currently working on their own`
			`- collaboration, proactively broadcast, communicate`

			`- multiple standardization groups working on it`
			`- survey focuses on middle layers`
			`- GN: geograhical ad-hoc routing, broadcast unicast multicast`

			`- constant communication, linkability`
			`- location privacy: deriving location patterns of a single user`
			`- authorized senders: message signing`

			`## pseudonym schemes`

			`- proposed solution: pseudonyms`
			`- must not be linkable`
			`- we only want authorized vehicles to communicate`

			`- a priori trusted: RootCA`
			`- EA knows vehicle ID & public key`
			`- AA trusts valid EA certificates`
			`- pseudonym resolution: desirable for law enforcement agencies`

			`## pseudonym change`

			`- many strategies have been proposed`
			`- C2C CC: statistical values:`
			`- shall achieve that locations significant to a user can't be linked together nor to the user`
			`- 0.8-1.5km, then each 0.8km or 2-6min`
			`- vehicle-centric change strategies: depending on mobility, trajectory`
			`- density-based`
			`- cryptographic mix zones: symm. key from RSU`
			`- safety of collision avoidance systems`

			`### advanced schemes`

			`- identity-based:`
			`- advantage: no certificates needed as ID = key`
			`- disadvantage: splitting mapping information hard, Trusted Authority involved in key derivation`
			`- group signature:`
			`- all members of group can sign for same public key`
			`- problems: group leader, group change -> re-setup of all group keys`
			`- symmetric MACs:`
			`- less computation overhead`
			`- but not really practically usable, as signature checking is done by 3rd parties`

			`## attacker model`

			`- single-point:`
			`- communication with EA and AA encrypted, C2C 3 segments (reception range)`
			`- no cooperative change needed`
			`- global passive:`
			`- cooperative change`
			`- cryptographic mix zones sufficient`
			`- active: pseudonym depeltion`
			`- active insider:`
			`- real silent periods needed, crypto mix zones don't work anymore`
			`- servers in the internet can't link IPv6 address thanks to stateless autoconfiguration`
			`- special attacks:`
			`- pseudonym depletion attack`
			`- sybil attack`
			`- privileged: accountability, resolution`
			`- needs independent judicial systems and separation of powers`