You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

361 lines
9.7 KiB

% $Header$
% use lualatex for compilation
% This file is a solution template for:
% - Talk at a conference/colloquium.
% - Talk length is about 20min.
% - Style is ornate.
% Copyright 2004 by Till Tantau <>.
% In principle, this file can be redistributed and/or modified under
% the terms of the GNU Public License, version 2.
% However, this file is supposed to be a template to be modified
% for your own needs. For this reason, if you use this file as a
% template and not specifically distribute it as part of a another
% package/program, I grant the extra permission to freely copy and
% modify this file as you see fit and even to delete this copyright
% notice.
% or ...
% or whatever (possibly just delete it)
% notes on 2nd screen:
%\setbeameroption{show notes on second screen}
% or whatever
% Or whatever. Note that the encoding and the font should match. If T1
% does not look nice, try deleting the line with the fontenc.
\title[Pseudonym Schemes in ETSI V2X communication] % (optional, use only with long paper titles)
{An ETSI look at the State of the Art of pseudonym
schemes in Vehicle-to-Everything (V2X)
{Oliver Schmidt}
% - Give the names in the same order as the appear in the paper.
% - Use the \inst{?} command only if the authors have different
% affiliation.
\institute[] % (optional, but mostly needed)
Department of Computer Science\\
Technical University Dresden
\date[HSTS 2018] % (optional, should be abbreviation of conference name)
{Hauptseminar Technischer Datenschutz, 2018}
% - Either use conference name or its abbreviation.
% - Not really informative to the audience, more for people (including
% yourself) who are reading the slides online
% This is only inserted into the PDF information catalog. Can be left
% out.
% If you have a file called "", where xxx
% is a graphic format that can be processed by latex or pdflatex,
% resp., then you can add a logo as follows:
% \pgfdeclareimage[height=0.5cm]{university-logo}{university-logo-filename}
% \logo{\pgfuseimage{university-logo}}
% Delete this, if you do not want the table of contents to pop up at
% the beginning of each subsection:
% \begin{frame}<beamer>{Outline}
% \tableofcontents[currentsection,currentsubsection]
% \end{frame}
% If you wish to uncover everything in a step-wise fashion, uncomment
% the following command:
% You might wish to add the option [pausesections]
% Structuring a talk is a difficult task and the following structure
% may not be suitable. Here are some rules that apply for this
% solution:
% - Exactly two or three sections (other than the summary).
% - At *most* three subsections per section.
% - Talk about 30s to 2min per frame. So there should be between about
% 15 and 30 frames, all told.
% - A conference audience is likely to know very little of what you
% are going to talk about. So *simplify*!
% - In a 20min talk, getting the main ideas across is hard
% enough. Leave out details, even if it means being less precise than
% you think necessary.
% - If you omit details that are vital to the proof/implementation,
% just say so once. Everybody will be happy with that.
\subsection{Intelligent Transport Systems}
\begin{frame}{Intelligent Transportation Systems}{Network Communication for Increased Traffic Safety}
% - A title should summarize the slide in an understandable fashion
% for anyone how does not follow everything on the slide itself.
\textbf{Vision Zero}: the aim of having no traffic-related fatalities\note{vision zero: late 90s, aim: no road traffic fatalities}
includes shifting responsibility to infrastructure\note{paradigm shift}
communication between safety assistance systems to increase safety
\item periodical broadcast of position and proximity
\subsection{ETSI ITS network architecture}
\begin{frame}{ETSI ITS network architecture}
\item \textbf{E}uropean \textbf{T}elecommunications \textbf{S}tandards \textbf{I}nstitute
\item this survey: focus on network technologies used in middle layers:
\item GeoNetworking for geographical routing
\item BTP as transport protocol
\item IPv6 encapsulated in GeoNetworking
\begin{frame}{Intelligent Transportation Systems}{Tracking in Vehicular Networks}
\item problem: constant communication allows tracking of vehicles
\item \textit{linkability} of messages threat to \textit{location privacy}
\item linkable identifiers in messages:
\item vehicle position
\item network addresses: IP, GeoNetworking, port numbers
\item certificates for message signing\note{for security purposes authenticity of messages needs to be ensured by asymmetric signing}
\item StationID
\item state residing in message queues, counters, \dots
\item message content left out of scope
\item \dots
\section{Pseudonym Schemes}
\subsection{Pseudonym Schemes for ETSI ITS}
\begin{frame}{Pseudonym Schemes for ETSI ITS}
\item<1,3-> basic idea: use temporary identifiers, change them periodically \& simultaneously together
\item<1,3> pseudonymity while maintaining authentication of vehicle node:
\item<1,3> divide knowledge about identities within a PKI
\item<3-> crucial operations: pseudonym issuance, use, change, revocation, resolution
\begin{frame}{Pseudonym Change}
\item requirements for an effective change strategy:
\item other nodes present for ambiguity
\item coordinated change
\item random change frequency
\item all identifiers changed simultaneously, buffers flushed
\item Car-2-Car CC: divide trips into 3 segments
\item Silent Periods
\item Mix Zones
\subsection{More Advanced Pseudonym Schemes}
\begin{frame}{Advanced Cryptographic Pseudonym Schemes}
\item ETSI standard uses PKI certificate-based pseudonyms
\item other approaches: \note{all of them have their challenges}
\item identity-based cryptography
\item group signature schemes
\item symmetric MACs
\begin{frame}{Attacker Model}{Characteristics}
\begin{tabular}{r | l}
\textbf{capability} & \\ \hline
reach & single-point/ multi-point/ global \\
authentication in network & insider/ outsider \\
activity & Dolev-Yao (active)/ passive
\begin{frame}{Resilience Against Attacks}
\begin{tabular}{l | p{0.6\textwidth} }
\textbf{attacker} & \textbf{possible countermeasures} \\ \hline
multi-point passive outsider & 3-segment pseudonym change \\ \hline
global passive outsider & cooperative pseudonym change: silent periods or (cryptographic) mix zones \\ \hline
active attacker & resistance against pseudonym depletion (e.g. pseudonym reuse) \\ \hline
attacking infrastructure & frequent cooperative pseudonym change with real silent periods \\
% Keep the summary *very short*.
ETSI ITS messages contain \alert{many potential linkable identifiers}.
The \alert{PKI based pseudonym scheme} by ETSI \alert{lacks a change strategy, resilient resolution and advanced cryptography}.
\alert{Other work} can provide these missing aspects, but \alert{needs to be integrated into the standard}.
% The following outlook is optional.
\vskip0pt plus.5fill
Expanding and adjusting the ETSI standard.
Look at linkability in lower network layers or applications.
% All of the following is optional and typically not needed.
\subsection<presentation>*{For Further Reading}
\center\huge{Thank you for your attention!}
\includegraphics[height=0.5\textheight]{figures/nomnompingu.png}\tiny\footnote{CC-BY-SA 3.0 by Elektroll}