% notes ITS talk

- quite a long title, so let's 1st talk about ITS before we get to the Pseudonym Schemes

## ITS

- road traffic is still a dangerous part of our everyday lives
- infrastructure assists safety
- recent years: decrease of traffic deaths
- probably also thanks to assistance systems
- currently working on their own
- collaboration, proactively broadcast, communicate
- multiple standardization groups working on it
- survey focuses on middle layers
- GN: geographical ad-hoc routing, broadcast, unicast, multicast
- constant communication, linkability
- location privacy: deriving location patterns of a single user
- authorized senders: message signing

## pseudonym schemes

- proposed solution: pseudonyms
- must not be linkable
- we only want authorized vehicles to communicate
- a priori trusted: RootCA
- EA knows vehicle ID & public key
- AA trusts valid EA certificates
- pseudonym resolution: desirable for law enforcement agencies

## pseudonym change

- many strategies have been proposed
- C2C CC: statistical values:
    - shall achieve that locations significant to a user can't be linked together nor to the user
    - 0.8-1.5km, then each 0.8km or 2-6min
- vehicle-centric change strategies: depending on mobility, trajectory
- density-based
- cryptographic mix zones: symm. key from RSU
- safety of collision avoidance systems

### advanced schemes

- identity-based:
    - advantage: no certificates needed as ID = key
    - disadvantage: splitting mapping information hard, Trusted Authority involved in key derivation
- group signature:
    - all members of group can sign for same public key
    - problems: group leader, group change -> re-setup of all group keys
- symmetric MACs:
    - less computation overhead
    - but not really practically usable, as signature checking is done by 3rd parties

## attacker model

- single-point:
    - communication with EA and AA encrypted, C2C 3 segments (reception range)
    - no cooperative change needed
- global passive:
    - cooperative change
    - cryptographic mix zones sufficient
- active: pseudonym depletion
- active insider:
    - real silent periods needed, crypto mix zones don't work anymore
    - servers in the internet can't link IPv6 address thanks to stateless autoconfiguration
- special attacks:
    - pseudonym depletion attack
    - sybil attack
- privileged: accountability, resolution
    - needs independent judicial systems and separation of powers
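
The C2C CC values from the pseudonym change notes above, turned into a change trigger as an added example (not from the talk or the survey). It assumes the first change is drawn once per trip from 0.8-1.5 km and that later changes fire at 0.8 km or after a random 2-6 min, whichever comes first; `PseudonymChangeTrigger` and `simulate` are hypothetical names.

```python
import random

class PseudonymChangeTrigger:
    """Decides when a vehicle should switch pseudonyms (assumed reading of the notes)."""
    FIRST_KM = (0.8, 1.5)   # first change: random distance after trip start
    NEXT_KM = 0.8           # later changes: every 0.8 km ...
    NEXT_MIN = (2.0, 6.0)   # ... or after a random 2-6 min, whichever comes first

    def __init__(self, rng=None):
        self.rng = rng or random.Random()
        self.changes = 0
        self._arm()

    def _arm(self):
        """Reset the counters and draw the thresholds for the next change."""
        self.km = self.seconds = 0.0
        if self.changes == 0:
            self.km_limit = self.rng.uniform(*self.FIRST_KM)
            self.sec_limit = float("inf")   # assumption: first change is distance-only
        else:
            self.km_limit = self.NEXT_KM
            self.sec_limit = 60 * self.rng.uniform(*self.NEXT_MIN)

    def update(self, delta_km, delta_s):
        """Feed movement since the last call; True means change the pseudonym now."""
        self.km += delta_km
        self.seconds += delta_s
        if self.km >= self.km_limit or self.seconds >= self.sec_limit:
            self.changes += 1
            self._arm()
            return True
        return False


def simulate(speed_kmh, duration_s, seed=0, step_s=1.0):
    """Constructed trip at constant speed; returns the change times in seconds."""
    trig = PseudonymChangeTrigger(random.Random(seed))
    times, t = [], 0.0
    while t < duration_s:
        t += step_s
        if trig.update(speed_kmh / 3600.0 * step_s, step_s):
            times.append(t)
    return times
```

At 120 km/h the distance limit dominates (a change roughly every 24 s), in slow traffic the timer does, and a parked vehicle never changes under these assumptions.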