ANTARES - ANonymous Transfer of vehicle Access Rights from External cloud Services

As car sharing becomes an increasingly common task, mediating user access rights from external servers comes with threats regarding user’s privacy. Clearly, users can be tracked by service mediators, e.g., cloud providers, that manage vehicle fleets, etc. In this work we design and test a simple solution based on oblivious transfer, a well-known and secure cryptographic block, that allows to preserve user’s privacy when gaining access to the vehicle. We test the feasibility of deploying such a solution on Android capable smartphones but also account for potential in-vehicle components, e.g., car head units, that may be soon put to such tasks. We use Microsoft Azure as cloud service provider and deploy a Java implementation, based on the Bouncy Castle cryptographic library, on the server side. Our experimental results show that Android based units are capable of handling the required cryptographic operations and the implementation of the employed protocol can be done by existing open-source support.

[1]  Marcin Wójcik,et al.  Security Analysis of an Open Car Immobilizer Protocol Stack , 2012, INTRUST.

[2]  Bogdan Groza,et al.  PRESTvO: PRivacy Enabled Smartphone Based Access to Vehicle On-Board Units , 2020, IEEE Access.

[3]  Luciano Baresi,et al.  Green Move: Towards next generation sustainable smartphone-based vehicle sharing , 2012, 2012 Sustainable Internet and ICT for Sustainability (SustainIT).

[4]  Chi-Hao Lung,et al.  Device with identity verification — Apply in car driving as an example , 2018, 2018 IEEE International Conference on Applied System Invention (ICASI).

[5]  Lujo Bauer,et al.  Comparing Access-Control Technologies: A Study of Keys and Smartphones , 2007 .

[6]  Christof Paar,et al.  Rights Management with NFC Smartphones and Electronic ID Cards: A Proof of Concept for Modern Car Sharing , 2013, RFIDSec.

[7]  Yehuda Lindell,et al.  Efficient Secure Two-Party Protocols: Techniques and Constructions , 2010 .

[8]  Bogdan Groza,et al.  Designing Wireless Automotive Keys with Rights Sharing Capabilities on the MSP430 Microcontroller , 2017, VEHITS.

[10]  Alexandra Dmitrienko,et al.  Smart keys for cyber-cars: secure smartphone-based NFC-enabled car immobilizer , 2013, CODASPY.

[11]  Bart Preneel,et al.  SePCAR: A Secure and Privacy-Enhancing Protocol for Car Access Provision , 2017, ESORICS.

[12]  Ren Zhang,et al.  SC2Share: Smart Contract for Secure Car Sharing , 2019, ICISSP.

[13]  Moni Naor,et al.  Efficient oblivious transfer protocols , 2001, SODA '01.

[14]  Michael O. Rabin,et al.  How To Exchange Secrets with Oblivious Transfer , 2005, IACR Cryptol. ePrint Arch..

[15]  Robert H. Deng,et al.  HIBS-KSharing: Hierarchical Identity-Based Signature Key Sharing for Automotive , 2017, IEEE Access.

[16]  Srdjan Capkun,et al.  Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars , 2010, NDSS.

[17]  P. Cochat,et al.  Et al , 2008, Archives de pediatrie : organe officiel de la Societe francaise de pediatrie.

[18]  Jos Wetzels Broken keys to the kingdom: Security and privacy aspects of RFID-based car keys , 2014, ArXiv.

[19]  Lujo Bauer,et al.  Lessons learned from the deployment of a smartphone-based access-control system , 2007, SOUPS '07.

[20]  Alexandra Dmitrienko,et al.  Secure Free-Floating Car Sharing for Offline Cars , 2017, CODASPY.