SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems

Several years of academic and industrial research efforts have converged to a common understanding on fundamental security building blocks for the upcoming vehicular communication (VC) systems. There is a growing consensus toward deploying a special-purpose identity and credential management infrastructure, i.e., a vehicular public-key infrastructure (VPKI), enabling pseudonymous authentication, with standardization efforts toward that direction. In spite of the progress made by standardization bodies (IEEE 1609.2 and ETSI) and harmonization efforts [Car2Car Communication Consortium (C2C-CC)], significant questions remain unanswered toward deploying a VPKI. Deep understanding of the VPKI, a central building block of secure and privacy-preserving VC systems, is still lacking. This paper contributes to the closing of this gap. We present SECMACE, a VPKI system, which is compatible with the IEEE 1609.2 and ETSI standards specifications. We provide a detailed description of our state-of-the-art VPKI that improves upon existing proposals in terms of security and privacy protection, and efficiency. SECMACE facilitates multi-domain operations in the VC systems and enhances user privacy, notably preventing linking pseudonyms based on timing information and offering increased protection even against honest-but-curious VPKI entities. We propose multiple policies for the vehicle–VPKI interactions and two large-scale mobility trace data sets, based on which we evaluate the full-blown implementation of SECMACE. With very little attention on the VPKI performance thus far, our results reveal that modest computing resources can support a large area of vehicles with very few delays and the most promising policy in terms of privacy protection can be supported with moderate overhead.

[1]  Carlisle M. Adams,et al.  X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP , 1999, RFC.

[2]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[3]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[4]  Hovav Shacham,et al.  Group signatures with verifier-local revocation , 2004, CCS '04.

[5]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[6]  Panagiotis Papadimitratos,et al.  Securing Vehicular Communications - Assumptions, Requirements, and Principles , 2006 .

[7]  C. Eckert,et al.  Secure Revocable Anonymous Authenticated Inter-Vehicle Communication ( SRAAC ) , 2006 .

[8]  Panagiotis Papadimitratos,et al.  SEVECOM - Secure Vehicle Communication , 2006 .

[9]  Tao Zhang,et al.  Adaptive Privacy-Preserving Authentication in Vehicular Networks , 2006, 2006 First International Conference on Communications and Networking in China.

[10]  Jim Sermersheim,et al.  Lightweight Directory Access Protocol (LDAP): The Protocol , 2006, RFC.

[11]  Pin-Han Ho,et al.  GSIS: A Secure and Privacy-Preserving Protocol for Vehicular Communications , 2007, IEEE Transactions on Vehicular Technology.

[12]  Panagiotis Papadimitratos,et al.  Eviction of Misbehaving and Faulty Nodes in Vehicular Networks , 2007, IEEE Journal on Selected Areas in Communications.

[13]  Pin-Han Ho,et al.  Secure Vehicular Communications Based on Group Signature and ID-Based Signature Scheme , 2007, 2007 IEEE International Conference on Communications.

[14]  J.-P. Hubaux,et al.  Architecture for Secure and Private Vehicular Communications , 2007, 2007 7th International Conference on ITS Telecommunications.

[15]  Jinhua Guo,et al.  A Group Signature Based Secure and Privacy-Preserving Vehicular Communication Framework , 2007, 2007 Mobile Networking for Vehicular Environments.

[16]  Panagiotis Papadimitratos “On the Road” - Reflections on the security of Vehicular communication systems , 2008, 2008 IEEE International Conference on Vehicular Electronics and Safety.

[17]  Panagiotis Papadimitratos,et al.  Secure vehicular communication systems: implementation, performance, and research challenges , 2008, IEEE Communications Magazine.

[18]  Pin-Han Ho,et al.  ECPP: Efficient Conditional Privacy Preservation Protocol for Secure Vehicular Communications , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[19]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008, RFC.

[20]  Panagiotis Papadimitratos,et al.  Impact of vehicular communications security on transportation safety , 2008, IEEE INFOCOM Workshops 2008.

[21]  Xuemin Shen,et al.  ECMV: Efficient Certificate Management Scheme for Vehicular Networks , 2008, IEEE GLOBECOM 2008 - 2008 IEEE Global Telecommunications Conference.

[22]  Xuemin Shen,et al.  PPGCV: Privacy Preserving Group Communications Protocol for Vehicular Ad Hoc Networks , 2008, 2008 IEEE International Conference on Communications.

[23]  Panagiotis Papadimitratos,et al.  Secure vehicular communication systems: design and architecture , 2008, IEEE Communications Magazine.

[24]  Elaine Shi,et al.  TACKing Together Efficient Authentication, Revocation, and Privacy in VANETs , 2009, 2009 6th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks.

[25]  Panagiotis Papadimitratos,et al.  Vehicular communication systems: Enabling technologies, applications, and future outlook on intelligent transportation , 2009, IEEE Communications Magazine.

[26]  Taieb Znati,et al.  A Guided Tour Puzzle for Denial of Service Prevention , 2009, 2009 Annual Computer Security Applications Conference.

[27]  Michael Weber,et al.  V-Tokens for Conditional Pseudonymity in VANETs , 2010, 2010 IEEE Wireless Communication and Networking Conference.

[28]  Panagiotis Papadimitratos,et al.  On the Performance of Secure Vehicular Communication Systems , 2011, IEEE Transactions on Dependable and Secure Computing.

[29]  Mohammad Khodaei,et al.  Secure Vehicular Communication Systems: Design and Implementation of a Vehicular PKI (VPKI) , 2012 .

[30]  Kpatcha M. Bayarou,et al.  Copra: Conditional pseudonym resolution algorithm in VANETs , 2013, 2013 10th Annual Conference on Wireless On-demand Network Systems and Services (WONS).

[31]  Panagiotis Papadimitratos,et al.  SEROSA: SERvice oriented security architecture for Vehicular Communications , 2013, 2013 IEEE Vehicular Networking Conference.

[32]  William Whyte,et al.  A security credential management system for V2V communications , 2013, 2013 IEEE Vehicular Networking Conference.

[33]  Panagiotis Papadimitratos,et al.  VeSPA: vehicular security and privacy-preserving architecture , 2013, HotWiSec '13.

[34]  Frank Kargl,et al.  PUCA: A pseudonym scheme with user-controlled anonymity for vehicular ad-hoc networks (VANET) , 2014, 2014 IEEE Vehicular Networking Conference (VNC).

[35]  Panagiotis Papadimitratos,et al.  Towards deploying a scalable & robust vehicular identity and credential management infrastructure , 2014, 2014 IEEE Vehicular Networking Conference (VNC).

[36]  Marco Fiore,et al.  Generation and Analysis of a Large-Scale Urban Vehicular Mobility Dataset , 2014, IEEE Transactions on Mobile Computing.

[37]  Thomas Engel,et al.  Luxembourg SUMO Traffic (LuST) Scenario: 24 hours of mobility for vehicular networking research , 2015, 2015 IEEE Vehicular Networking Conference (VNC).

[38]  Panagiotis Papadimitratos,et al.  The Key to Intelligent Transportation: Identity and Credential Management in Vehicular Communication Systems , 2015, IEEE Vehicular Technology Magazine.

[39]  Panagiotis Papadimitratos,et al.  Evaluating on-demand pseudonym acquisition policies in vehicular communication systems , 2016, IoV-VoI '16.

[40]  Panagiotis Papadimitratos,et al.  Resilient privacy protection for location-based services through decentralization , 2017, WISEC.

[41]  Panos Papadimitratos,et al.  Security and Privacy in Vehicular Social Networks , 2020, ArXiv.