73 lines
2.4 KiB
Markdown
73 lines
2.4 KiB
Markdown
% notes ITS talk
|
|
|
|
- quite a long title, so let's 1st talk about ITS before we get to the Pseudonym Schemes
|
|
|
|
## ITS
|
|
|
|
- road traffic is still dangerous part of our everyday lives
|
|
- infrastructure assist safety
|
|
- recent years: decrease of traffic deaths
|
|
- probably also thanks to assistance systems
|
|
- currently working on their own
|
|
- collaboration, proactively broadcast, communicate
|
|
|
|
- multiple standardization groups working on it
|
|
- survey focuses on middle layers
|
|
- GN: geograhical ad-hoc routing, broadcast unicast multicast
|
|
|
|
- constant communication, linkability
|
|
- location privacy: deriving location patterns of a single user
|
|
- authorized senders: message signing
|
|
|
|
## pseudonym schemes
|
|
|
|
- proposed solution: pseudonyms
|
|
- must not be linkable
|
|
- we only want authorized vehicles to communicate
|
|
|
|
- a priori trusted: RootCA
|
|
- EA knows vehicle ID & public key
|
|
- AA trusts valid EA certificates
|
|
- pseudonym resolution: desirable for law enforcement agencies
|
|
|
|
## pseudonym change
|
|
|
|
- many strategies have been proposed
|
|
- C2C CC: statistical values:
|
|
- shall achieve that locations significant to a user can't be linked together nor to the user
|
|
- 0.8-1.5km, then each 0.8km or 2-6min
|
|
- vehicle-centric change strategies: depending on mobility, trajectory
|
|
- density-based
|
|
- cryptographic mix zones: symm. key from RSU
|
|
- safety of collision avoidance systems
|
|
|
|
### advanced schemes
|
|
|
|
- identity-based:
|
|
- advantage: no certificates needed as ID = key
|
|
- disadvantage: splitting mapping information hard, Trusted Authority involved in key derivation
|
|
- group signature:
|
|
- all members of group can sign for same public key
|
|
- problems: group leader, group change -> re-setup of all group keys
|
|
- symmetric MACs:
|
|
- less computation overhead
|
|
- but not really practically usable, as signature checking is done by 3rd parties
|
|
|
|
## attacker model
|
|
|
|
- single-point:
|
|
- communication with EA and AA encrypted, C2C 3 segments (reception range)
|
|
- no cooperative change needed
|
|
- global passive:
|
|
- cooperative change
|
|
- cryptographic mix zones sufficient
|
|
- active: pseudonym depeltion
|
|
- active insider:
|
|
- real silent periods needed, crypto mix zones don't work anymore
|
|
- servers in the internet can't link IPv6 address thanks to stateless autoconfiguration
|
|
- special attacks:
|
|
- pseudonym depletion attack
|
|
- sybil attack
|
|
- privileged: accountability, resolution
|
|
- needs independent judicial systems and separation of powers
|