PRESTvO: PRivacy Enabled Smartphone Based Access to Vehicle On-Board Units

Smartphones are quickly moving toward complementing or even replacing traditional car keys. We advocate a role-based access control policy mixed with attributes that facilitates access to various functionalities of vehicular on-board units from smartphones. We use a rights-based access control policy for in-vehicle functionalities similar to the case of a file allocation table of a contemporary OS, in which read, write or execute operations can be performed over various vehicle functions. Further, to ensure appropriate security, we develop a protocol suite using identity-based cryptography, and we rely on group signatures, which preserve the anonymity of group members, thus assuring privacy and traceability. To prove the feasibility of our approach, we develop a proof-of-concept implementation with modern smartphones and aftermarket Android head-units, and we test computational feasibility on a real-world in-vehicle controller. Our implementation relies on state-of-the-art cryptography, including traditional building blocks and more modern pairing-friendly curves, which facilitate the adoption of group signatures and identity-based cryptography in automotive-based scenarios.
