Restricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection

Introduction to Vehicular Ad-hoc Network (VANET)Problem Statement

IT Security and Privacy requirements in VANETDesign and Implementation of ACS Protocols for VANET

Analysis, Conclusion and Future WorkBibliography

Restricted Usage of Anonymous Credentials inVANET for Misbehavior Detection

Ankit SinghFraunhofer SIT,

Darmstadt, Germany

June 25, 2012

Ankit Singh Restricted Usage of Anonymous Credentials in VANET for Misbehavior Detection




1 Introduction to Vehicular Ad-hoc Network (VANET)Overview of Basic Components in VANETs

2 Problem StatementWhat is the privacy issue in VANET?

3 IT Security and Privacy requirements in VANETRequirements

4 Design and Implementation of ACS Protocols for VANETAssumptions made for Designing the ACS protocolsPlayers Participating in different ProtocolsProposed ProtocolsImplementation of the Proposed Protocols and Contributions

5 Analysis, Conclusion and Future WorkAnalysis and DiscussionsConclusion of the Thesis





Future work of the Thesis

6 Bibliography





Overview of Basic Components in VANETs

What is VANET and Why we need VANET? I

Safe and Secure travel

Free flow of traffic

Infotainment services





Overview of Basic Components in VANETs

Overview of Basic Components in VANETs I

Basic Component of VANET





What is the privacy issue in VANET?

Problem Statement I

Vehicle A broadcasting message of traffic Jam






Problem Statement II

Vehicle A broadcasting message signed using a classical certificate






Problem Statement III

Vehicle A broadcasting message signed using a pseudonymouscertificate






Problem Statement IV

Vehicle A broadcasting same message signed using multiplepseudonymous certificates





Requirements

Requirements I

Security Requirements Privacy Requirements

Authentication Anonymity

Accountability Unlinkability

Verification of Data Consistency Restricted Credential usage

Availability Perfect forward privacy

Non-repudiation

Credential revocation





Assumptions made for Designing the ACS protocolsPlayers Participating in different ProtocolsProposed ProtocolsImplementation of the Proposed Protocols and Contributions

Assumptions I

Strong trust on issuer party

Tamper proof storage device.

Negotiations on attributes etc. are done before beginning ofthe protocols.

Secure channel.

Broadcasting messages.






Players participating in different protocols I






Proposed Protocols I

Two versions of protocols are proposed for the problem statements:

Setup protocol (common to both versions)

Version 1 without revocationIssuance protocol V1:- Strong privacy.Signing protocol V1:- Achieved restricted usage of credential.Verifying protocol V1:- Detects fraud at verifier vehicle side- No revocation request.






Proposed Protocols II

Version 2 with revocationIssuance protocol V2:- Weak privacy.- Adapted from V1.- Generates tracing ID.Signing protocol V2:- Adapted from V1 and randomizes tracing ID.Verifying protocol V2:- Adapted from V1 and revocation requestTracing and Revocation protocol:- Tracing of the fraud vehicle- Revocation of the credential.






Implementation and Contributions I

Designed Anonymous credential protocols for VANET

Idemix java cryptographic library

The Library was modified and extended:

Support limited spending.

Used domain pseudonyms for binding it to a time frame.

Generating tracing ID.

Generating multiple pseudonyms and saving it to a file.

Randomizing tracing ID during signing protocol.

Contributed in detecting the fraud at the receiver side.

Modified library for preforming revocation.





Analysis and DiscussionsConclusion of the ThesisFuture work of the Thesis

Analysis and Discussions I

Security requirements fulfilled (X: achieved; ◦: out of scope of thisthesis)

Au

then

tica

tio

n

Acc

ou

nta

bili

ty

Ver

ifica

tio

no

fd

ata

con

sist

ency

Ava

ilab

ility

No

n-

rep

ud

iati

on

Co

nfi

den

tia

lity

Res

tric

ted

cre-

den

tia

lu

sag

e

Cre

den

tia

lR

e-vo

cati

on

X X ◦ ◦ X X X X






Analysis and Discussions II

Privacy requirements fulfilled (X: achieved; ◦: out of scope of this thesis)

Min

imu

md

is-

clo

sure

An

on

ymit

y

Un

linka

bili

ty

Dis

trib

ute

dR

eso

luti

on

Au

tho

rity

Per

fect

for-

war

dp

riva

cy

X X X ◦ X






Conclusion I

Successfully ‘achieved restricted usage of anonymouscredentials in VANET’.

Successfully ‘detected the fraud of overspending anonymouscredentials by vehicles’.

Successfully ‘achieved revocation of the defaulter vehicle’sanonymous credential’.

Challenge in the usage of the proposed protocols in VANETdue to:

Performance overhead of the protocolsSigned message size






Future work I

Signing and Verifying protocol must be optimized to reducethe execution time

Revocation protocol performance and strategy must beoptimized

Credential update should be made compulsory for the vehicle(Specially for revocation)





Bibliography I

Handbook of Applied Cryptography, Alfred. J. Menezes, Paul C. van Oorschot, Scott A. Vanstone

(http://cacr.uwaterloo.ca/hac/).

SECURITY WITHOUT IDENTIFICATION: TRANSACTION SYSTEMS TO MAKE BIG BROTHER

OBSOLETE, DAVID CHAUM, Communications of the ACM, October 1985, Volume 28, Number 10.

Privacy Requirements in Vehicular Communications Systems, Florian Schaub, Zhendong Ma, and Frank

Kargl, Institute of Media Informatics, Ulm University, Germany.

A signature scheme with efficient protocols. Jan Camenisch and Anna Lysyanskaya. In Stelvio Cimato,

Clemente Galdi, and Giuseppe Persiano, editors, Security in Communication Networks, Third InternationalConference, SCN 2002, volume 2576 of Lecture Notes in Computer Science, pages 268-289. SpringerVerlag, 2003.

An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation, Jan

Camenisch1, Anna Lysyanskaya2,1 IBM Research, Zurich Research Laboratory CH-8803, Ruschlikon,2 MITLCS, 545 Technology Square, Cambridge, MA 02139 USA.

Efficient non-transferable anonymous multi-show credential system with optional anonymity revocation, Jan

Camenisch and Anna Lysyanskaya. In Birgit Pfitzmann, editor, Advances in Cryptology — EUROCRYPT2001, volume 2045 of Lecture Notes in Computer Science, pages 93-118. Springer Verlag, 2001.


http://cacr.uwaterloo.ca/hac/




Bibliography II

PRIME - Privacy and Identity Management for Europe. https://www.prime-project.eu/ Last Access:

June 25, 2012.

IBM software safeguards consumer identity on the Web, IDEMIX,

http://www.zurich.ibm.com/news/07/idemix.html and official Idemix blog: http://idemix.wordpress.com/Last Access: June 25, 2012.

Design and Implementation of the idemix Anonymous Credential System, Jan Camenisch and Els Van

Herreweghen, IBM Research, Zurich Research Laboratory, Switzerland.

Specification of the Identity Mixer Cryptographic Library, Version 2.3.3, IBM Research - Zurich, June 3,

2011.

Idemix Java library source download https://prime.inf.tu-dresden.de/idemix/ Last Access: June 25,

2012.

How to Explain Zero-Knowledge Protocols to Your Childern. QuisQuater Jean-Jacques(1), Myriam, Muriel,

Michael GUILLOU Louis(2), Marie Annick, Gaıd, Anna, Gwenole, Soazig in collaboration with Tom

BERSON(3) for the English version. (1) Philips Research Laboratory, Avenue Van Becelaere, 2, B-1170

Brussels, Belgium. (2) CCETT/EPT, BP 59, F-35512 Cesson Sevigne, France. (3) Anagram Laboratories,P.O. Box 791, Palo Alto CA 94301, USA.


https://www.prime-project.eu/

http://www.zurich.ibm.com/news/07/idemix.html

http://idemix.wordpress.com/

https://prime.inf.tu-dresden.de/idemix/




Bibliography III

Threshold Anonymous Announcement in VANETs, March 2011, Liqun Chen Member, IEEE Hewlett

Packard Labs, Bristol, United Kingdom, Siaw-Lynn Ng, Department of Mathmatics, Royal Holloway,University of London, Egham, Surrey, United Kingdom and Guilin Wang, School of computer Science andSoftware Engineering, University of Wollongong, NSW, Australia.

DAA: Fixing the pairing based protocols. L. Chen, P. Morrissey and N. P. Smart. Cryptology ePrint Archive:

Report 2009/198, Withdrawn due to Major Flaw from http://eprint.iacr.org/2009/198 Last Access:June 25, 2012

K-times anonymous authentication (extended abstract). I. Teranishi, J. Furukawa, and K. Sako. Internet

Systems Research Laboratories, NEC Corporation 1753 Shimonumabe, Nakahara-Ku, Kawasaki 211-8666,Japan.

Commitment schemes and zero-knowledge protocols, 2007, I. Damgard and J. B. Nielsen.

A GENERIC PUBLIC KEY INFRASTRUCTURE FOR SECURING CAR-TO-X COMMUNICATION. Norbert

Bißmeyer1, Hagen Stubing2, Elmar Schoch3, Stefan Gotz4, Jan Peter Stotz1, Brigitte Lonc5. 1 FraunhoferSIT, Secure Mobile Systems, 64295 Darmstadt, Germany. 2 Adam Opel AG, Active Safety, 65423Russelsheim, Germany,3Volkswagen AG, Security and Connectivity, 38436 Wolfsburg, Germany,4Continental Teves AG & Co. oHG, Connected Systems, 60488, Frankfurt/Main, Germany, 5RENAULTS.A.S., Electronic Systems Engineering Department, 1 Avenue du Golf, 78288 Guyancourt Cedex, France.


http://eprint.iacr.org/2009/198




Bibliography IV

Analysis of Revocation Strategies for Anonymous Idemix Credentials, Jorn Lapon1, Markulf Kohlweiss3,

Bart de Decker2, and Vincent Naessens1, 1Katholieke Hogeschool Sint-Lieven, Industrial Engineering, 2

Katholieke Universiteit Leuven, CS-DISTRINET, 3 Microsoft Research, Cambridge.

Signature Schemes and Applications to Cryptographic Protocol Design. Anna Lysyanskaya. Ph.D. thesis,

Massachusetts Institute of Technology, September 2002.

Theft and Misuse Protection for Anonymous Credentials, Patrick Bichsel, Master Thesis MA-2007-42, June

2007 to November 2007, ETH, Switzerland.

Master Thesis KATHOLIEKE UNIVERSITEIT LEUVEN: Smart Card Implementation of Anonymous

Credentials, Josep Balasch, 2007 - 2008, Promotor: Prof. Dr. Ir. Bart Preneel.

Smart card integration in the pseudonym system idemix, Luuk Danes, Master Thesis 18 December 2007,

University of Groningen, faculty of mathematics and natural sciences.

How to Win the Clone Wars: Efficient Periodic nTimes Anonymous Authentication, Jan Camenisch1, Susan

Hohenberger1, Markulf Kohlweiss2, Anna Lysyanskaya3, Mira Meyerovich3, 1Zurich Research Lab IBMResearch, 2Dept. of Electrical Engineering, Katholieke Universiteit Leuven, 3Computer Science Dept.,Brown University.





Bibliography V

V-tokens for Conditional Pseudonymity in VANETs. Florian Schaub∗, Frank Kargel†, Zhendong Ma∗, and

Michael Weber∗. ∗Institute of Media Informatics, Ulm University, Germany, † Distributed and EmbeddedSecurity, University of Twente, The Netherlands.

A Restricted Multi-show Credential System and Its Application on E-Voting, Joseph K. Liu1 and Duncan S.

Wong2, 1Department of Information Engineering, The Chinese University of Hong Kong Shatin, HongKong, 2Department of Computer Science, City University of Hong Kong Kowloon, Hong Kong.

Anonymous k-Show Credentials, Mohamed Layouni and Hans Vangheluwe, School of Computer Science,

McGill University, 3480 University Street, Montreal, H3A 2A7, Quebec, Canada.

An integer commitment scheme based on groups with hidden order. Ivan Damøard and Eiichiro Fujisaki. In

Advances in Cryptology - EUROCRYPT 2000, volume 1807 of Lecture Notes in Computer Sciences, pages431- 444. Springer Verlag, 2000.

Efficient attributes for anonymous credentials. Jan Camenisch and Thomas Gross. In Peng Ning, Paul F.

Syverson, and Somesh Jha, editors, ACS Conference on Computer and communications Security, pages345-356, 2008.

Security Engineering for Vehicular IT Systems, Improving the Trustworthiness and Dependability of

Automotive IT Applications, Marko Wolf.

The Sybil Attack, John R. Douceur, Microsoft Research.





Bibliography VI

How much does software add to the cost of today’s vehicles? How about tomorrow’s electric cars? by

Sebastian Blanco on Jun 8th 2010, at Auto Blog Green: autobloggreen.com

Design of 5.9GHz DSRC-based Vehicular Safety Communication, Daniel Jiang1, Vikas Taliwal1, Andreas

Meier1, Wieland Holfelder1, Ralf Herrtwich2, 1DaimlerChrysler Research and Technology North America,Inc., 2DaimlerChrysler AG, Vehicle IT and Services Research and Advanced Engineering.

DSRC range comparison with FM Radio, cellular Phone, Satellite, Check FAQs,

http://www.leearmstrong.com/DSRC/DSRCHomeset.htm Last Access: June 25, 2012.

Security in Vehicular Ad Hoc Networks, Xiaodong Lin, Rongxing Lu, Chenxi Zhang, Haojin Zhu, Pin-Han

Ho, and Xuemin (Sherman) Shen, University of Waterloo.

Mandatory Enforcement of Privacy policies using Trusted Computing Principles, Frank Kargl, University of

Twente, The Netherlands, Florian Schaub and Stefan Dietzel, Ulm University, Germany, Published in 2010,Association for the Advancement of Artificial Intelligence (www.aaai.org).

Security Engineering for VANETs, Frank Kargl, Zhendong Ma, and Elmar Schoch, Ulm University, Institute

of Media Informatics.

The Security of Vehicular Ad Hoc Networks, Maxim Raya and Jean-Pierre Hubaux, Laboratory of computer

Communications and Applications (LCA), School of Computer and Communication Sciences, EPFL,Switzerland.


http://green.autoblog.com/2010/06/08/how-much-does-software-add-to-the-cost-of-todays-vehicles-how/

http://www.leearmstrong.com/DSRC/DSRCHomeset.htm

www.aaai.org




Bibliography VII

Securing Vehicular Communications, Maxim Raya, Panos Papadimitratos, Jean-Pierre Hubaux, Laboratory

of computer Communications and Applications (LCA), School of Computer and Communication Sciences,EPFL, Switzerland.

Trusted Platform Module (TPM) Main Specification, Online Website: Trusted Computer Group (TCG).

http://www.trustedcomputinggroup.org/resources/tpm_main_specification Last Access: June 25,2012.

Privacy in VANETs using Changing Pseudonyms - Ideal and Real, Matthias Gerlach and Felix Guttler.

M.Sc. Program, High Integrity System, University of Applied Sciences, Frankfurt am Main, Germany:

http://tinyurl.com/high-integrity-systems Last Access: June 25, 2012.

Database Management Systems, Third Edition, Ramakrishnan and Gehrke


http://www.trustedcomputinggroup.org/resources/tpm_main_specification

http://tinyurl.com/high-integrity-systems

Restricted Usage of Anonymous Credentials in VANET for Misbehaviour Detection

Documents

future work

future work

optional anonymity

show credential

vanet players

vanet future

broadcasting

future work