% notes ITS talk

  • quite a long title, so let's 1st talk about ITS before we get to the Pseudonym Schemes

ITS

  • road traffic is still a dangerous part of our everyday lives

  • infrastructure assists safety

  • recent years: decrease of traffic deaths

  • probably also thanks to assistance systems

    • currently working on their own
  • collaboration, proactively broadcast, communicate

  • multiple standardization groups working on it

  • survey focuses on middle layers

  • GN: geographical ad-hoc routing; broadcast, unicast, multicast

  • constant communication, linkability

  • location privacy: deriving location patterns of a single user

  • authorized senders: message signing

pseudonym schemes

  • proposed solution: pseudonyms

    • must not be linkable
  • we only want authorized vehicles to communicate

  • a priori trusted: RootCA

  • EA knows vehicle ID & public key

  • AA trusts valid EA certificates

  • pseudonym resolution: desirable for law enforcement agencies

pseudonym change

  • many strategies have been proposed
  • C2C CC: statistical values:
    • shall achieve that locations significant to a user can't be linked together nor to the user
    • 0.8-1.5km, then each 0.8km or 2-6min
  • vehicle-centric change strategies: depending on mobility, trajectory
  • density-based
  • cryptographic mix zones: symm. key from RSU
    • safety of collision avoidance systems
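
A sketch of the C2C CC change rule noted above, as an added example (not from the talk or from C2C CC). It assumes the first change happens after a random distance of 0.8-1.5 km and every later change after 0.8 km or a random 2-6 min, whichever comes first; `ChangeTrigger` and `simulate` are hypothetical names, and the constant-speed trips are constructed input.

```python
import random

# Values from the notes (C2C CC); how they combine is an assumption of this example.
FIRST_CHANGE_KM = (0.8, 1.5)   # first change: random distance in this range
NEXT_CHANGE_KM = 0.8           # later changes: after this distance ...
NEXT_CHANGE_S = (120, 360)     # ... or after a random 2-6 min, whichever is first


class ChangeTrigger:
    """Decides when a vehicle should switch to its next pseudonym."""

    def __init__(self, rng=None):
        # A deployment would draw from a CSPRNG (e.g. random.SystemRandom()),
        # so an observer cannot predict the next change point.
        self.rng = rng or random.SystemRandom()
        self.changes = 0
        self._arm(0.0, 0.0)

    def _arm(self, km, t):
        # Remember where the current pseudonym started and draw fresh limits.
        self.km0, self.t0 = km, t
        if self.changes == 0:
            self.km_limit = self.rng.uniform(*FIRST_CHANGE_KM)
            self.s_limit = None            # no time limit before the first change
        else:
            self.km_limit = NEXT_CHANGE_KM
            self.s_limit = self.rng.uniform(*NEXT_CHANGE_S)

    def update(self, km, t):
        """km: odometer, t: clock in seconds. True means: change pseudonym now."""
        due = km - self.km0 >= self.km_limit
        if self.s_limit is not None:
            due = due or (t - self.t0 >= self.s_limit)
        if due:
            self.changes += 1
            self._arm(km, t)
        return due


def simulate(speed_kmh, duration_s, seed, step_s=1.0):
    """Change events (time_s, km) for a constant-speed trip; seeded for repeatability."""
    trig, events, t = ChangeTrigger(random.Random(seed)), [], 0.0
    while t < duration_s:
        t += step_s
        km = speed_kmh * t / 3600.0
        if trig.update(km, t):
            events.append((t, km))
    return events
```

At 50 km/h the distance limit always fires first, so the pseudonym lifetime is fixed and short; in slow traffic the random time limit takes over.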

advanced schemes

  • identity-based:
    • advantage: no certificates needed as ID = key
    • disadvantage: splitting mapping information hard, Trusted Authority involved in key derivation
  • group signature:
    • all members of group can sign for same public key
    • problems: group leader, group change -> re-setup of all group keys
  • symmetric MACs:
    • less computation overhead
    • but not really practically usable, as signature checking is done by 3rd parties

attacker model

  • single-point:
    • communication with EA and AA encrypted, C2C 3 segments (reception range)
    • no cooperative change needed
  • global passive:
    • cooperative change
    • cryptographic mix zones sufficient
  • active: pseudonym depletion
  • active insider:
    • real silent periods needed, crypto mix zones don't work anymore
    • servers in the internet can't link IPv6 address thanks to stateless autoconfiguration
  • special attacks:
    • pseudonym depletion attack
    • sybil attack
  • privileged: accountability, resolution
    • needs independent judicial systems and separation of powers