Trust, Security and Privacy in VANETs A Multilayered Security Architecture for C2C-Communication

Size: px
Start display at page:

Download "Trust, Security and Privacy in VANETs A Multilayered Security Architecture for C2C-Communication"

Transcription

1 Trust, Security and Privacy in VANETs A Multilayered Security Architecture for C2C-Communication Frederic Stumpf, Lars Fischer and Claudia Eckert Research Group IT-Security, Department of Computer Science, Technische Universität Darmstadt, Germany. Abstract. Dieser Beitrag stellt ein mehrschichtiges Protokoll zur Übermittlung von Sicherheitsmeldungen in Fahrzeugnetzen vor. Es gewährleistet dabei die Anonymität der Fahrzeughalter und verhindert dadurch, dass unerlaubt Bewegungsprofile eines Fahrzeuges erstellt werden können. Gleichzeitig implementiert das Protokoll einen Mechanismus, der erlaubt die Anonymität aufzuheben, was es ermöglicht ein Fahrzeug aus dem Fahrzeugnetz zu isolieren. Aufgrund der Tatsache, dass Verkehrsnachrichten äußerst sensible und kritische Informationen enthalten, ist es von entscheidender Bedeutung, dass die vom Fahrzeug verwendete Software nicht unzulässig manipuliert wurde. Dies würde es ansonsten ermöglichen, dass manipulierte Sicherheitsmeldungen eingespielt werden. Um dies zu verhindern, bedient sich das in diesem Beitrag vorgestellte Protokoll eines zweiten Mechanismus, der sicherstellt, dass nur die Fahrzeuge in der Lage sind, Nachrichten zu verschicken, deren Software nicht manipuliert wurde. 1 Introduction As we move into an era of networked systems, vehicles are also being equipped with wireless communication technologies. Based on these abilities, different vehicles are able to exchange information related to traffic safety and thus increase traffic safety and efficiency. A particular vehicle could for example be warned about danger situations that have been detected by sensors of another vehicle. In this context, we consider multi-hop messages, e.g., Vehicle based Road Condition Warning [1] and single hop messages, e.g., Emergency Electronic Brake Lights [2]. However, the introduction of safety message raises severe security challenges. Since these messages influence the behaviour of critical components, a misuse of safety messages can result in serious accidents. These safety messages require trusted software components to ensure that a particular safety message is based on real events and not injected from a malicious vehicle. Additionally, it is also necessary to have a mechanism that can Appeared in 23. VDI/VW-Gemeinschaftstagung: Automotive Security, pp , Wolfsburg, Germany, VDI-Verlag, 2007

2 2 Stumpf et al. isolate misbehaving vehicles from the network. Compounding this problem is that a vehicle owner could transfer identification data to other vehicles, which undermines the possibility to clearly identify and isolate misbehaving vehicles. As a result, key challenges in architectures that support safety messages arise, such as trustworthiness of the vehicles system components and liability identification [3]. Additionally, problems of privacy and anonymity arise from possible misuse of personal movement data [3]. Examples for such risks are, wrong brakesignals maliciously inserted into the system movement logs of vehicle movements in the hands of a single traffic authority representative. In this paper, we present a multi-layered security protocol that enables a vehicle to take part in Inter-vehicle communication for safety information, while satisfying the above mentioned requirements. Our solution is based on two main schemes: Attestation of virtualized system components and secure revocable anonymous authenticated communication. Virtualization isolates system components, which prevents different system components from influencing each other. It therefore allows encapsulating security-sensitive systems, such as the brake assist system and isolating these systems from others. To ensure that sensitive software components are untampered, they are measured by a hardware-based, tamper-resistant measuring engine (TPM) and the obtained results are stored in a protected storage. These measurements are then reported to remote entities (remote attestation) [4], e.g., during the anonymity protected certificate issuance of a communication protocol to prove that the measured soft- and hardware components are in a trusted state. An Inter-vehicle communication protocol should use methods to increase unlinkability of distinct messages. Our certification protocol utilises revocable blinded signatures and shared secrets to provide an adjustable tradeoff between authenticity and privacy. Tracing requests by the traffic authorities are fulfilled by mapping certificates to identities of vehicle owners by shared secret interpolation. This process enforces the many-eye principle to protect the user s privacy while ensuring that the traffic authorities are able to trace and exclude rogue vehicles. This paper is structured as follows. In section 2 we provide an overview on trusted computing and a communication scenario. We provide a brief overview of trusted computing and explain the scenario in Section 2. In Section 3 we describe our already proposed protocol for obtaining a certificate to transmit safety messages and perform a threat analysis. This section is followed by Section 4 which extends the presented protocol with additional mechanisms to ensure that the vehicle s software is trusted. Section 5 discusses some open issues and the mechanisms of our introduced protocol. Section 6 reviews related work and Section 7 provides concluding remarks.

3 Trust, Security and Privacy in VANETs 3 2 Basics and Scenario In this section we first give a broad overview of Trusted Computing, which is necessary to understand our approach. In the second part, we explain the setting and assumptions for our work. 2.1 Trusted Computing The core component of trusted computing is the Trusted Platform Module (TPM) [5]. The TPM can be viewed as functionally equivalent to a high-end smart card, and is soldered to the motherboard of a platform. The TPM serves as a root of trust within the platform and provides the following functionality: registers for recording platform state; a means of reporting platform state to remote entities; secure volatile and non-volatile memory; random number generation; a SHA-1 hashing engine; and asymmetric key generation, encryption and digital signature capabilities. Tampering with the TPM is generally difficult, since it is implemented in tamper resistant hardware. The registers responsible for recording platform state, a.k.a. Platform Configuration Registers (PCRs), are of particular interest to us. These registers are initialized on startup and used to store software integrity values. Before execution, a software component s execution is recorded by the stored measurement log (SML) and measured by the TPM. The measurement made by the TPM is written to a specific PCR by combining a hash of the software component with the previous value of the PCR. The following function is used to calculate the value for PCR register N, where SHA1 refers to the cryptographic hash function used by the TPM and denotes a concatenation: Extend(P CR N, value) = SHA1(P CR N value) (1) In order to establish trust in a computer system, a trusted computing enhanced system will measure and store the boot sequence of a platform. When turning on a computer, the Core Root of Trust Measurement (CRTM), which resides in the BIOS, is the first component to be executed. The CRTM then measures itself and the BIOS, and hands over control to the next software component in the boot chain. This process continues for every component involved in the boot sequence of a platform. Through the process of remote attestation a subset of the values stored in the PCRs, combined with the SML, can be used to demonstrate to a remote entity that a platform is currently in a particular state. In order to guarantee the authenticity of this attestation, PCRs are signed with a nonmigratable TPM signing key, called an Attestation Identity Key (AIK). An AIK is generated on a TPM and certified by a trusted third party, typically called a Privacy-CA, or signed via a Direct Anonymous Attestation protocol [6]. With the obtained (proof) certificate, a remote platform can compare the signed values with reference values, to check whether the platform is in a trusted state or not.

4 4 Stumpf et al. 2.2 Scenario The topic of this paper is secured and anonymous vehicular event message communication. We assume that all vehicles are equipped with means to send and receive messages on a shared broadcast medium. Vehicles recognise events, for example emergency brakes or hazardous road conditions through on-board sensors. The Information about those events is broadcasted in event messages to the vehicular network. Depending on the nature of the event, an event message may be relayed by other vehicles. Rogue vehicles emit faulty event messages because their soft- or hardware is broken or has been (maliciously) been tampered with. Event messages contain positional information and therefore could betray the vehicle s itinerary. The objectives of the protocol proposed herein are directly adapted to this scenario. Due to severe consequences of false event messages, authorization and nonrepudiability of these messages must be ensured. In order to protect the driver s privacy, tracking of vehicles through these messages has to be prevented. Messages have to be as small as possible to reduce the transmission time, for example in case of two approaching vehicles. The traffic authorities grant authorization and isolate vehicles that produce faulty event messages. They have to be able to map event messages to vehicle identities and to trace a vehicles itinerary in case of detection of malicious behaviour. Rogue vehicles have to be isolated within a previously chosen maximum isolation time interval. Certificate Revocation Lists (CRLs) are avoided, since this method does not scale well for large networks and tight time constraints. Every vehicle is equipped with an On-Board Unit (OBU) and a Trusted Platform Module (TPM). We assume that the TPM behaves as expected. All vehicles run a virtualized environment that makes use of the TPM. This allows reporting the state of one isolated environment to a remote entity. Examples for such systems are the microkernel-based Turaya kernel [7,8] or Xen-based approaches [9,10]. Both approaches could be used in vehicles, since they are capable of running on embedded controllers such as ARM. The software stack that is responsible for generating safety messages is situated in the OBU. The OBU is produced by a car manufacturer and is equipped with an OBU Certificate for authentication. To reduce the complexity and the number of involved certificates, the OBU can also inherit keys that are protected by the Trusted Platform Module. Additional certificates for authenticating a particular OBU can thus be omitted. We assume that a second method of communication can be used to contact traffic authorities. This second communication medium is used relatively infrequent and has less strict constraints on time and bandwidth, for example WLAN inside a garage. The privacy within this scenario consists of two sub-problems. The Unlinkability as defined in [11], is one of the main topics in our work. The Untraceability describes in this context the unlinkability of event messages and is out of scope of this paper. Nevertheless one purpose of this work is to enable frequent pseudonym changes. Example for such concepts are frequent key changes

5 Trust, Security and Privacy in VANETs 5 as proposed in [12] and the introduction of random silence periods as proposed in [13]. Both concepts can be used independently. 3 Protocol Overview This section gives a short overview of our protocol for secure and privacy protected Inter-vehicle communication. The concept is called Secure Revocable Anonymous Authenticated Inter-Vehicle Communication (SRAAC) and has been introduced in [14]. It is based on the distributed magic-ink signatures introduced by Jakobsson and Yung [15]. Unlike other blinded signature schemes, the scheme presented by Jakobsson and Yung offers the possibility to unblind a signed message by the signer, thus allowing a quorum of servers to produce a signature and a possibly different quorum to unblind a signature. After we have introduced the main concepts of this protocol, we will perform a threat analysis and will show which challenges exist that are solved by our contribution. 3.1 SRAAC SRAAC requires an infrastructure consisting of three main entities, Authentication Authority (AA), On-Board-Units (OBU) which are part of the vehicles and the Inter-Vehicle Communication Certificate Servers (ICS). The AA issues a unique certificate to every OBU and is able to identify and authenticate the holder of a certificate. Inter-Vehicle Communication Certificate Servers (ICS) are responsible for blindly signing and issuing Inter-Vehicle Communication Certificates (IVC), which are used as credentials to authorise an OBU to emit Inter- Vehicle Event Messages. The IVC are signed blindly using the magic ink scheme. The steps for obtaining an IVC are depicted in Figure 1. All ICS, which are denoted as S i, have previously generated an asymmetric key pair (x, y) where x is a shared secret between the servers and y the corresponding public key. The protocol will generate a DSS signature [16] (r, s) on a message k, where k is the issued IVC certificate consisting of validity time and public key. This signed IVC is then used by the OBU for Inter-vehicle communication. x mod y is denoted [x] y in the following calculations. Please refer to [14],[15] for further details. Described below is a protocol to distributedly calculate an IVC certificate for an OBU through a quorum Q of n servers S i. Under normal conditions all available ICS are part of the quorum. The OBU has been authenticated in advance by the AA and has established confidential and secure communications with each server ((1) and (2) in Figure 1). Data on the values of n, t, g, p, q had been agreed upon by the servers and communicated to the OBU. t n is the number of servers required to recover the anonymity revocation key x t. The variables g, p, q are public parts in DSS [17] where p is prime and has length l, where l is a multiple of 64 and 512 l q is a prime divisor of p 1 and g is an element of order q in Z q. step 1 In advance all S i randomly pick two random secrets k, and a from two (t n, n) secret sharing schemes in Z q [18]. The resulting shares held by S i

6 6 Stumpf et al. AA Authorization Request (1) ICS ICS... ICS Ticket, blinded IVC shares (3) Blinded, signed IVC (4) Ticket (2) Inter vehicle event message (5) Fig. 1. Protocol steps in SRAAC are denoted k i and a i. The S i generate a zero-sharing (2t, n) where each S i has knowledge of share b i and a (3t n, n) zero-sharing where each S i has knowledge of share c i. Each server S i then computes and broadcasts v i := [(k i a i + b i )] q and A i := [g ai ] p to the quorum. step 2 The servers calculate v and A by shared secret interpolation from the received values v i and A i and send r := [A v 1 ] p to the OBU. step 3 The OBU wants a public key k Z q to be signed blindly by the servers. It generates two random blinding factors α, β Z q. Then it computes r := [[r β ] p ] q, µ := [kα] q and ρ := [rα] q. Afterwards, it computes a (t, n) secret sharing (µ 1,..., µ n ) of µ, with public information g µi and another (t, n) secret sharing (ρ 1,..., ρ n ) of ρ with public information h ρi. The share (µ i,ρ i ) is then send to each S i. See [19] for further reference on verifiable secret sharings. step 4 The quorum interpolates and stores tag := [(g µ, h ρ )] q without revealing the individual shares. The blinded signature σ is generated by interpolation of σ := [k(µ + xρ)] q and send to the OBU. step 5 The OBU unblinds the signature by calculating s := [σα 1 β 1 ] q and verifies the triple (k, r, s) is a valid signature. The OBU is now in possession of an IVC certificate signed by the authorities shared DSS-key x. The ICS quorum knows tag and the ticket, which can in collusion with the AA be linked to a specific OBU. Thus a signed certificate (k, r, s) can be traced based on the verification of an undeniable signature. Again, refer to [15] for details. 3.2 Security Threats in SRAAC In this section, we evaluate possible attacks on SRAAC as well as possible attacks on safety messages. The following attacks are possible if an attacker is able to manipulate the program code of the vehicle s software.

7 Trust, Security and Privacy in VANETs 7 Arbitrary Validity Time Since the validity time of the Inter-Vehicle Communication Certificates (IVC) is chosen by the OBU, a manipulated OBU is able to insert arbitrary validity times. A manipulated vehicle can therefore specify a very long validity time, leaving the traffic authorities with no way to isolate a maliciously misbehaving OBU. This flaw has already been discussed in [14]. OBU Collusion Attack The second problem of SRAAC is a collusion attack wherein a group of manipulated OBUs communicate and generate equal IVC input parameters. The OBUs are manipulated in a way that they do not use randomised input for calculation of the keying-material for the IVC but external input, e.g., keying-material distributed by an adversary to the set of colluding OBUs. In effect this creates a set of vehicles that cannot be distinguished in case of a privacy revocation leaving the legal prosecution or the isolation of vehicle useless. Injecting False Safety Messages The SRAAC protocol offers a secure way to isolate misbehaving vehicles. Unfortunately, this process is only a reactive service and can not directly prevent that a vehicle injects malicious safety messages. An attacker might therefore manipulate his own soft- and hardware components and inject messages that are based on false or non-existing events. 4 Trusted Secure Revocable Anonymous Authenticated Inter-Vehicle Communication (T-SRAAC) To prevent attacks that are based on tampering with the software running on the vehicles, we integrate so called Trusted Inter-Vehicle Communication Certificates (T-IVC). The underlying concept is a ticket-based remote attestation [10], which allows to ensure that a platform has received attestation and is able to proof this attribute. For this purpose, the AA verifies the trustworthiness of the vehicle s software and issues a ticket that vouches for the trustworthiness of the vehicle s software. This ticket is then used to obtain a T-IVC. Both issued credentials (AA ticket and T-IVC) are cryptographically bound to the attested vehicle. A vehicle is therefore only able to transfer safety messages, if his current platform configuration still matches the platform configuration from the time, as when the ticket was issued. If an adversary tampers with the software configuration of the vehicle, he is not able to transmit safety messages, since he is not able to access the keys linked to his T-IVC. 4.1 T-SRAAC Protocol All vehicles are equipped with a Trusted Platform Module (TPM) and run a virtualization-based environment. Inside the virtualization-based environment, a measurement engine measures every compartment before execution and stores

8 8 Stumpf et al. the resulting values inside the TPM. To achieve strong isolation between different software components and to isolate security-sensitive applications from non-security sensitive, every security sensitive application runs in its own compartment. For safety applications it is only required to ensure the trustworthiness of compartments that are able to alter safety related event messages. Processes of this type are the software for controlling the sensors as well as the OBU that implements the communication protocol for safety messages and is responsible for transferring safety messages. The TPM therefore only measures compartments whose processes take part in the issuance of an IVC or are involved in the creation of event messages. The TPM is embedded in our enhanced protocol for secure and privacy protected Inter-vehicle communication as shown in Figure 2. For the sake of simplicity not all steps of the SRAAC protocol of Section 3.1 are integrated in this Figure. To obtain an IVC, the vehicle must prove that his platform configuration is in a trusted system state. For this purpose, the TPM creates an asymmetric key-pair that is directly bound to its platform configuration by specifying the PCRs that include the measured compartments that are involved in Inter-vehicle communication (step 1). The TPM then generates an asymmetric key pair using the physical random number generator of the TPM, encrypts this key with the Storage Root Key (SRK), and transfers the encrypted package (i.e., public key (PK) and encrypted secret key (SK )) to the OBU (steps 2-4). The public part of the generated key is then signed with an attestation identity key (AIK) of the TPM. This proves that the corresponding key-pair is held in the protected storage of a valid TPM and that the generated key is bound to a set of PCRs (steps 5-7). The OBU then transfers the stored measurement log (SML), the AIK-Credential (Cert IK ), the certificate of the generated key (Cert P K ) and authentication data to the AA. After the OBU has been authenticated, the AA verifies whether the platform configuration the Cert P K is bound to is trusted, based on the received SML and the received credentials. If the platform configuration is trusted, i.e. the involved isolated compartments are untampered, the AA issues a ticket which is signed by the private key of the AA and contains the PK and a timestamp (steps 9-11). The ticket is then transferred to the vehicle and encrypted with the PK (step 12). The OBU of the vehicle transfers the encrypted package to the TPM for encryption (step 13). The TPM is able to decrypt this package if the current platform configuration still matches the platform configuration when the key was first generated (steps 14-17). The TPM then generates and cryptographically binds a second key pair which is later used as public key for the certificate. Please note, that the PK can not be used for that purpose, since this key won t allow a privacy protected and pseudonymous communication with vehicles. The generated key is encrypted with the SRK and transferred to the OBU (steps 19-21). The generated public key (IVC-PK ) is then blinded using blinding factors α and β Z q (r := [[r β ] p ] q, µ := [kα] q and ρ := [rα] q ) and transferred together with the decrypted ticket to the ICS (step 22, Compare step 3 of Section 3.1). The different ICS then execute the quorum based blinded signature phase

9 Trust, Security and Privacy in VANETs 9 as introduced in Section 3.1 on this ticket and transfer the created and still blinded T-IVC back to the vehicle (steps 24-25). Note that this blinded T-IVC is encrypted with the certified PK of the vehicle. It can therefore only be decrypted if the vehicle still matches the initial platform configuration (steps 25-39). The vehicle can now unblind the blinded T-IVC and is now in possession of a T-IVC credential. Vehicle ICS n AA OBU TPM Create Binding Key (PCRs[0.23]) (1) PK and SK (4) Generate SK and PK (2) SK =encryptsrk[sk] (3) Certify Key (PK) (5) Validate CertIK, CertPK (9) Verify Platform Configuration (10) Create Ticket: T= signaa[timestamp, PK] (11) CertIK and CertPK,SML (8) CertPK (7) {T}PK (12) Decrypt[{T}PK, SK ] (13) T (17) CertPK=SignIK [PK] (6) Verify Platform Configuration (14) SK=Decrypt[SK, SRK] (15) Decrypt(Encrypt[T, SK ], SK) (16) Create Binding Key (PCRs[0.23]) (18) Validate T Create T-IVC (23): T-IVC = signics[blinded(ivc-pk)] T, blinded(ivc-pk) (22) {T-IVC}PK (24) IVC-PK and IVC-SK (21) Decrypt[{T-IVC}PK, SK ] (25) blinded(t-ivc) (29) Generate IVC-SK and IVC-PK (19) IVC-SK =encryptsrk[ivc-sk] (20) Verify Platform Configuration (26) SK=Decrypt[SK, SRK] (27) Decrypt({T-IVC}PK, SK) (28) Fig. 2. Trusted SRAAC All event messages are signed with the secret key (IVC-SK ) that corresponds to a T-IVC. Since this secret key is protected by the TPM and bound to a specific platform configuration, a vehicle can only create event messages if its configuration is still in the same state as when the configuration was first verified. The signed event messages are then verified by another vehicle using the transferred T-IVC. Every OBU has to know the public key of the ICS and is thus able to verify the signature of a received IVC. 4.2 T-IVC Certificate The T-IVC is a credential that proves that the OBU is authorised by the traffic authorities to emit event messages. The corresponding RSA secret key is used to sign every safety message. Since any verification must be self-contained and autonomous, no communication to any other third instance is possible. This leads

10 10 Stumpf et al. to the fact, that neither the Online Certification Status Protocol nor Certificate Revocation Lists can be used. The link between a T-IVC and the certification process where the T-IVC was obtained can only be established by a quorum of t ICS. The certification process can than be linked to a vehicle identity by the AA. A T-IVC comprises of the following data. The generated TPM RSA public key IV C P K A validity time, validity A DSS signature (r, s) on the hash-value of the complete certificate The public keys of the DSS signature (y, g, p, q) 5 Discussion T-SRAAC enables privacy protected vehicular communication with the ability to revoke privacy. This revocation is protected against misuse by the enforcement of the many-eye-principle through a secret sharing scheme. The authorities are able to isolate an OBU and deny the authorization for further message emission through privacy revocation. Isolation is enforced by the Authentication Authority by refusing to provide new tickets. We will now provide an analysis of the threats that exists in inter-vehicle communication and will show how these threats are prevented by our protocol. This analysis is based on a classification of attackers and resulting attacks in Inter-vehicle communication as introduced in [20]. For this purpose, attackers are classified in four groups. Group 1 has a programmable radio transmitter/receiver. Group 2 has access to an un-modified OBU and can manipulate certain inputs, e.g., sensors. Group 3 controls a modified OBU and can obtain some keying material. Group 4 attackers have access to records and equipment of the infrastructure operators. T-SRAAC directly hinders attackers of group 3 and 4. Group 4 attackers need to control at least t of n ICS to revoke the privacy of given certificates. T-SRAAC thus allows a controlled risk against group 4 by choosing appropriate t and n. Attackers of class 3 are not able to access keying material, since the TPM prevents a modified OBU from using protected keys. Attackers of group 1 are countered by authorization of event messages. A particular vehicle is only able to transfer safety messages, if the validity time of the issued T-IVC is still valid and if the vehicle s software is still in the same system state as when the ticket was first issued. This mechanism prevents that a vehicle owner is able to transfer safety messages after he has tampered with his vehicle s software. The verification of the trustworthiness of the vehicle s software ensures that the OBU uses the physical random number generator of the TPM for key generation and that the OBU does insert arbitrary validity times of the T-IVC. To circumvent this mechanism, an adversary might try to compromise his OBU after he has received a ticket that vouches for his trustworthiness. However, this attack is not successful since the adversary must reboot his OBU for this purpose, which on the other hand results in the fact that the knowledge

11 Trust, Security and Privacy in VANETs 11 of the ticket will be lost. An attacker is also not able to relay the obtained T-IVC to other vehicles, since this certificate is directly bound to a specific TPM and therefore only useable by a particular vehicle. Finally, if an attacker of class 2 manipulates input to a vehicle s sensors, an attack that cannot be prevented within a communication protocol, the vehicle can be isolated within appropriate time. The maximum isolation time interval is a parameter controlled by the traffic authorities through the validity time of a T-IVC. 6 Related Work This paper shares most of the security objectives defined by the Vehicle Safety Communications Project in [21]. The main differences are, that we avoid the use of CRLs, we introduce scalable protection against misuse by single, compromised authorities as well as strong protection against OBU manipulation. The majority of related papers agree on the tight constraints on time and bandwidth during Inter-Vehicle safety Communication. Other works not only focus on car-to-car communication, but T-SRAAC can be extended to car-toinfrastructure safety communication as well. Privacy is, among secured and robust communication, a main problem in many papers [22]. Untraceability in vehicular ad hoc networks is topic of various works. In [23] the effectiveness of pseudonym changes is analysed as success rate of an attacker. The size of the set of possible itineraries under different context information is calculated in [24]. In [13] the anonymity set of a certain vehicle at a certain time is used as measure for unlinkability. Virtualization has already been identified to increase the safety of independent software systems running on a vehicle [25]. This property allows to increase the availability and decreases the vulnerability of systems to errors. Scheibel et al. present an architecture for vehicular software protection in [8]. This architecture is based on the L4 microkernel and also makes use of the TPM to ensure that data that is transferred to a vehicle is bound to a particular software configuration. Similar to our approach, this work uses a key that is bound to a certain platform configuration. However, Scheibel et al. does not focus on safety messages and does not show how the TPM could be used for this purpose. Besides hardware-based attestation methods, a number of software-based approaches have been presented [26,27,28] which rely on optimal program code and exact time measurements. These approaches enable software-based attestation by introducing an optimal program verification process that verifies the memory of a platform by calculating hash values of randomly selected memory regions. However, adapting these techniques in Inter-vehicle communication would become very challenging, since these techniques do not allow to bind a cryptographic key to a certain platform configuration.

12 12 Stumpf et al. 7 Conclusion We have presented a multi-layered security protocol that allows a vehicle to receive certificates which are used for transferring traffic safety messages. For this purpose, we have combined a protocol that provides privacy and authorization with concepts that allow to ensure that the software of a particular is in a trusted state. Based on these both concepts, we can ensure that (i) the vehicle s identity and the personal privacy of vehicle owners is protected even against single malicious certification server and (ii) that transferring safety messages is only possible if the vehicle s software has not been tampered with. Both properties are of high security concern, since it must be prevented that malicious safety messages are injected into the network and that a vehicle and its owner can be tracked. Our protocol combines different types of signature schemes. While the TPM is only able to generate RSA signatures, our SRAAC protocol uses the Digital Signature Standard (DSS) [16]. However, although that both signatures can be combined, it might not be very practical to use two different cryptographic approaches to create and verify a signature. Another aggravating factor is that the creation of one 1024 bit signature on a representative TPM takes about 62ms [29], which might be not fast and small enough to be practical. Introduction of faster and smaller cryptographic schemes to the TPM are probably needed to use it in the vehicular context. In the future, we are going to work on these issues and try to analyse the overhead and gain introduced through both concepts. 8 Acknowledgments This work was funded in part by the German Research Foundation (DFG) under grant EC 163/4-1, project TrustCaps. References 1. Kargl, F., Ma, Z., Schoch, E.: Security engineering for vanets. In: 4th Workshop on Embedded Security in Cars (ESCAR 2006). (2006) 2. consisting of BMW, T.C.V.S.C.C., DaimlerChrysler, Ford, GM, Nissan, Toyota, VW: Vehicle safety communications project task 3 final report identify intelligent vehicle safety applications enabled by dsrc. Technical report, National Highway Traffic Safety Administration, U.S. Department of Transportation (2005) 3. Papadimitratos, P., Gligor, V., Hubaux, J.P.: Securing vehicular communications - assumptions, requirements, and principles. In: 4th Workshop on Embedded Security in Cars (ESCAR 2006). (2006) 4. Stumpf, F., Tafreschi, O., Röder, P., Eckert, C.: A Robust Integrity Reporting Protocol for Remote Attestation. In: Second Workshop on Advances in Trusted Computing (WATC 06 Fall). (2006) 5. Trusted Computing Group: Trusted Platform Module (TPM) specifications. Technical report, https://www.trustedcomputinggroup.org/specs/tpm (2006)

13 Trust, Security and Privacy in VANETs Brickell, E., Camenisch, J., Chen, L.: Direct Anonymous Attestation. In: CCS 04: Proceedings of the 11th ACM Conference on Computer and Communications Security, New York, NY, USA, ACM Press (2004) Linnemann, M., Pohlmann, N.: Die vertrauenswürdige sicherheitsplattform turaya. In: DACH Security 2006, Patrick Horster, syssec Verlag (2006) 8. Scheibel, M., Stüble, C., Wolf, M.: Design and implementation of an architecture for vehicular software protection. In: Embedded Security in Cars Workshop (ESCAR 06). (2006) 9. Berger, S., Cáceres, R., Goldman, K.A., Perez, R., Sailer, R., van Doorn, L.: vtpm: virtualizing the trusted platform module. In: USENIX-SS 06: Proceedings of the 15th conference on USENIX Security Symposium, Berkeley, CA, USA, USENIX Association (2006) Stumpf, F., Benz, M., Hermanowski, M., Eckert, C.: An Approach to a Trustworthy System Architecture using Virtualization. In: Proceedings of the 4th International Conference on Autonomic and Trusted Computing (ATC-2007). Volume 4158 of Lecture Notes in Computer Science., Hong Kong, China, Springer-Verlag (2007) pp Pfitzmann, A., Hansen, M.: Anonymity, unlinkability, unobservability, pseudonymity, and identity managment - a consolidated proposal for terminology. Technical Report v0.27, TU-Dresden (2006) 12. Raya, M., Hubaux, J.P.: The security of vehicular ad hoc networks. In: SASN 05: Proceedings of the 3rd ACM workshop on Security of ad hoc and sensor networks, New York, NY, USA, ACM Press (2005) Sampigethaya, K., Huang, L., Li, M., Poovendran, R., Sezaki, K.M.K.: Caravan: Providing location privacy for vanet. In: 3rd Workshop on Embedded Security in Cars (ESCAR 2005). (2005) 14. Fischer, L., Aijaz, A., Eckert, C., Vogt, D.: Secure revocable anonymous authenticated inter-vehicle communication (sraac). In: ESCAR Embedded Security in Cars. (2006) 15. Jakobsson, M., Yung, M.: Distributed magic ink signatures. In: Advances in Cryptology - Proceedings of Eurocrypt 97. Volume (1997) 450?? 16. of Standards, U.D.O.C.I., Technology: Digital signature standard (dss). Technical report (2000) 17. National Institute of Standards and Technology (NIST): DIGITAL SIGNATURE STANDARD (DSS). (2000) 18. Shamir, A.: How to share a secret. Commun. ACM 22 (1979) Choc, B., Goldwasser, S., Micali, S., Awerbuch, B.: Verifiable secret sharing and achieving simultaneity in the presence of faults. In: Proceedings of the Annual Symposium on Foundations of Computer Science. (1985) Aijaz, A., Bochow, B., Dötzer, F., Festag, A., Gerlach, M., Kroh, R., Leinmüller, T.: Attacks on intervehicle communication systems - an analysis. In: Proceedings of the 3nd International Workshop on Intelligent Transportation, Hamburg, Germany (2006) 21. US Department of Transportation, National Highway Traffic Safety Administration (NHTSA): Vehicle Safety Communications Project: Final Report, Appendix H: WAVE/DSRC Security. (2005) 22. Doetzer, F.: Privacy issues in vehicular ad hoc networks. In: Workshop on Privacy Enhancing Technologies, Cavtat, Croatia (2005) 23. Buttyán, L., Holczer, T., Vajda, I.: On the effectiveness of changing pseudonyms to provide location privacy in vanets. In: Proceedings of the Fourth European

14 14 Stumpf et al. Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS2007), Springer (2007) 24. Franz, M., Meyer, B., Pashalidis, A.: Attacking unlinkability: The importance of context. In: Proceedings of the Privacy Enhancing Technologies (2007) 25. Elphinstone, K., Heiser, G., Huuck, R., Petters, S.M., Ruocco, S.: L4cars. In: Embedded Security in Cars (ESCAR 2005) Workshop. (2005) 26. Seshadri, A., Perrig, A., van Doorn, L., Khosla, P.: SWATT: Software-based attestation for embedded devices. In: IEEE Symposium on Security and Privacy. (2004) 27. Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L., Khosla, P.: Pioneer: Verifying Code Integrity and Enforcing Untampered Code Execution on Legacy Systems. In: SOSP 05: Proceedings of the twentieth ACM symposium on Operating systems principles, New York, NY, USA, ACM Press (2005) Seshadri, A., Luk, M., Perrig, A., van Doorn, L., Khosla, P.: SCUBA: Secure Code Update By Attestation in sensor networks. In: WiSe 06: Proceedings of the 5th ACM workshop on Wireless security, New York, NY, USA, ACM Press (2006) STMicroelectronics: St19wp18-tpm-c trusted platform module (tpm). Technical report (2004)

Patterns for Secure Boot and Secure Storage in Computer Systems

Patterns for Secure Boot and Secure Storage in Computer Systems Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de

More information

Acronym Term Description

Acronym Term Description This glossary contains definitions of terms created by TCG, or terms that have a particular meaning in trusted computing, or terms that cause particular confusion in trusted computing. Acronym Term Description

More information

Implementation and Evaluation of Certificate Revocation List Distribution for Vehicular Ad-hoc Networks

Implementation and Evaluation of Certificate Revocation List Distribution for Vehicular Ad-hoc Networks Implementation and Evaluation of Certificate Revocation List Distribution for Vehicular Ad-hoc Networks Petra Ardelean advisor: Panos Papadimitratos January 2009 Abstract Vehicular Ad-hoc Networks (VANETs)

More information

Property Based TPM Virtualization

Property Based TPM Virtualization Property Based Virtualization Marcel Winandy Joint work with: Ahmad Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security Chair for System Security Ruhr University Bochum, Germany Sirrix

More information

Certificate Revocation Management in VANET

Certificate Revocation Management in VANET Certificate Revocation Management in VANET Ghassan Samara Department of Computer Science, Faculty of Science and Information Technology, Zarqa University Zarqa, Jordan. Gsamara@zu.edu.jo ABSTRACT Vehicular

More information

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded

More information

Cross-layer Privacy Enhancement and Non-repudiation in Vehicular Communication

Cross-layer Privacy Enhancement and Non-repudiation in Vehicular Communication 4th Workshop on Mobile Ad-Hoc Networks (WMAN), Bern, Switzerland, March 2007 Cross-layer Privacy Enhancement and Non-repudiation in Vehicular Communication Frederik Armknecht 1, Andreas Festag 2, Dirk

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

Secured Data Transmissions In Manet Using Neighbor Position Verfication Protocol

Secured Data Transmissions In Manet Using Neighbor Position Verfication Protocol www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 3 Issue3 March, 2014 Page No. 5067-5071 Secured Data Transmissions In Manet Using Neighbor Position Verfication

More information

Mutual Authentication Cloud Computing Platform based on TPM

Mutual Authentication Cloud Computing Platform based on TPM Mutual Authentication Cloud Computing Platform based on TPM Lei Peng 1, Yanli Xiao 2 1 College of Information Engineering, Taishan Medical University, Taian Shandong, China 2 Department of Graduate, Taishan

More information

A New Security Mechanism for Vehicular Communication Networks

A New Security Mechanism for Vehicular Communication Networks A New Security Mechanism for Vehicular Communication Networks Ghassan Samara Department of Computer Science, Faculty of Science and Information Technology, Zarqa University Zarqa, Jordan. gsamarah@yahoo.com

More information

Improving End-user Security and Trustworthiness of TCG-Platforms

Improving End-user Security and Trustworthiness of TCG-Platforms Improving End-user Security and Trustworthiness of TCG-Platforms Klaus Kursawe, kursawe@acm.org Christian Stüble Saarland University, Germany stueble@acm.org September 29, 2003 Abstract Over the last two

More information

Design of Simple and Efficient Revocation List Distribution in Urban areas for VANET s

Design of Simple and Efficient Revocation List Distribution in Urban areas for VANET s Design of Simple and Efficient Revocation List Distribution in Urban areas for VANET s Ghassan Samara, Sureswaran Ramadas National Advanced IPv6 Center, Universiti Sains Malaysia Penang, Malaysia ghassan@nav6.org,

More information

Attestation and Authentication Protocols Using the TPM

Attestation and Authentication Protocols Using the TPM Attestation and Authentication Protocols Using the TPM Ariel Segall June 21, 2011 Approved for Public Release: 11-2876. Distribution Unlimited. c 2011. All Rights Reserved. (1/28) Motivation Almost all

More information

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution 1 Lecture Embedded System Security Dynamic Root of Trust and Execution Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Summer Term 2014 Dynamic Root

More information

TPM Key Backup and Recovery. For Trusted Platforms

TPM Key Backup and Recovery. For Trusted Platforms TPM Key Backup and Recovery For Trusted Platforms White paper for understanding and support proper use of backup and recovery procedures for Trusted Computing Platforms. 2006-09-21 V0.95 Page 1 / 17 Contents

More information

EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications

EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications 7 th escar Embedded Security in Cars Conference November 24 25, 2009, Düsseldorf Dr.-Ing. Olaf Henniger, Fraunhofer SIT Darmstadt Hervé

More information

Enhanced Privacy ID (EPID) Ernie Brickell and Jiangtao Li Intel Corporation

Enhanced Privacy ID (EPID) Ernie Brickell and Jiangtao Li Intel Corporation Enhanced Privacy ID (EPID) Ernie Brickell and Jiangtao Li Intel Corporation 1 Agenda EPID overview EPID usages Device Authentication Government Issued ID EPID performance and standardization efforts 2

More information

A Survey on Untransferable Anonymous Credentials

A Survey on Untransferable Anonymous Credentials A Survey on Untransferable Anonymous Credentials extended abstract Sebastian Pape Databases and Interactive Systems Research Group, University of Kassel Abstract. There are at least two principal approaches

More information

Embedding Trust into Cars Secure Software Delivery and Installation

Embedding Trust into Cars Secure Software Delivery and Installation Embedding Trust into Cars Secure Software Delivery and Installation André Adelsbach, Ulrich Huber, Ahmad-Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security, Bochum, Germany Third Workshop

More information

Enforcing Privacy Using Symmetric Random Key-Set in Vehicular Networks

Enforcing Privacy Using Symmetric Random Key-Set in Vehicular Networks Enforcing Privacy Using Symmetric Random Key-Set in Vehicular Networks Yong Xi, Kewei Sha, Weisong Shi and Loren Schwiebert Wayne State University {yongxi,kewei,weisong,loren}@wayne.edu Tao Zhang Telcordia

More information

ASSURING INTEGRITY OF DATAFLOW PROCESSING IN CLOUD COMPUTING INFRASTRUCTURE

ASSURING INTEGRITY OF DATAFLOW PROCESSING IN CLOUD COMPUTING INFRASTRUCTURE ASSURING INTEGRITY OF DATAFLOW PROCESSING IN CLOUD COMPUTING INFRASTRUCTURE R.Genga devi 1, K.Anitha 2, M.Murugeshwari 3,S.vidhya 4, Dr.K.Ramasamy 5 1, 2, 3- UG STUDENT, P.S.R.RENGASAMY COLLEGE OF ENGINEERING

More information

Wireless Network Security 14-814 Spring 2014

Wireless Network Security 14-814 Spring 2014 Wireless Network Security 14-814 Spring 2014 Patrick Tague Class #8 Broadcast Security & Key Mgmt 1 Announcements 2 Broadcast Communication Wireless networks can leverage the broadcast advantage property

More information

Cisco Trust Anchor Technologies

Cisco Trust Anchor Technologies Data Sheet Cisco Trust Anchor Technologies Overview Cisco Trust Anchor Technologies provide the foundation for trustworthy systems across Cisco. The Cisco Trust Anchor and a Secure Boot check of signed

More information

William Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly

William Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly William Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly Ramesh Karri (rkarri@poly.edu) Associate Professor, Electrical and Computer Engineering NYU-Poly Why is cyber

More information

Strengthen RFID Tags Security Using New Data Structure

Strengthen RFID Tags Security Using New Data Structure International Journal of Control and Automation 51 Strengthen RFID Tags Security Using New Data Structure Yan Liang and Chunming Rong Department of Electrical Engineering and Computer Science, University

More information

Capture Resilient ElGamal Signature Protocols

Capture Resilient ElGamal Signature Protocols Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department

More information

Securing Wireless Access in Vehicular Environments (WAVE) Infrastructure and Operations Support Systems(OSS) Architecture

Securing Wireless Access in Vehicular Environments (WAVE) Infrastructure and Operations Support Systems(OSS) Architecture IEEE GLOBECOM Design and Developers Forum Securing Wireless Access in Vehicular Environments (WAVE) Infrastructure and Operations Support Systems(OSS) Architecture Tim Weil CISSP, CISA Booz Allen Hamilton

More information

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS Abstract: The Single sign-on (SSO) is a new authentication mechanism that enables a legal user with a single credential

More information

Securing Wireless Access for Vehicular Environments (WAVE)

Securing Wireless Access for Vehicular Environments (WAVE) Securing Wireless Access for Vehicular Environments (WAVE) May 7, 2009 CTST, New Orleans Tim Weil CISSP/CISA Security Architect ITS Engineering Booz Allen Hamilton 0 The concept of VII started upon the

More information

RSA Attacks. By Abdulaziz Alrasheed and Fatima

RSA Attacks. By Abdulaziz Alrasheed and Fatima RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.

More information

Hardware Security Modules for Protecting Embedded Systems

Hardware Security Modules for Protecting Embedded Systems Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction &

More information

Hardware Security for Device Authentication in the Smart Grid

Hardware Security for Device Authentication in the Smart Grid Hardware Security for Device Authentication in the Smart Grid Andrew J. Paverd and Andrew P. Martin Department of Computer Science, University of Oxford, UK {andrew.paverd,andrew.martin}@cs.ox.ac.uk Abstract.

More information

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS Prof. Dr.-Ing. Georg Sigl Institute for Security in Information Technology Technical University Munich sigl@tum.de Fraunhofer Research Institution

More information

Vehicular On-board Security: EVITA Project

Vehicular On-board Security: EVITA Project C2C-CC Security Workshop 5 November 2009 VW, MobileLifeCampus Wolfsburg Hervé Seudié Corporate Sector Research and Advance Engineering Robert Bosch GmbH Outline 1. Project Scope and Objectives 2. Security

More information

Efficient construction of vote-tags to allow open objection to the tally in electronic elections

Efficient construction of vote-tags to allow open objection to the tally in electronic elections Information Processing Letters 75 (2000) 211 215 Efficient construction of vote-tags to allow open objection to the tally in electronic elections Andreu Riera a,,joseprifà b, Joan Borrell b a isoco, Intelligent

More information

TELECOMMUNICATION NETWORKS

TELECOMMUNICATION NETWORKS THE USE OF INFORMATION TECHNOLOGY STANDARDS TO SECURE TELECOMMUNICATION NETWORKS John Snare * Manager Telematic and Security Systems Section Telecom Australia Research Laboratories Victoria TELECOMMUNICATIONS

More information

Problems of Security in Ad Hoc Sensor Network

Problems of Security in Ad Hoc Sensor Network Problems of Security in Ad Hoc Sensor Network Petr Hanáček * hanacek@fit.vutbr.cz Abstract: The paper deals with a problem of secure communication between autonomous agents that form an ad hoc sensor wireless

More information

Opal SSDs Integrated with TPMs

Opal SSDs Integrated with TPMs Opal SSDs Integrated with TPMs August 21, 2012 Robert Thibadeau, Ph.D. U.S. Army SSDs Must be Opal s We also Studied using the TPM (Trusted Platform Module) with an Opal SSD (Self-Encrypting Drive) 2 Security

More information

vtpm: Virtualizing the Trusted Platform Module

vtpm: Virtualizing the Trusted Platform Module vtpm: Virtualizing the Trusted Platform Module Stefan Berger Ramón Cáceres Kenneth A. Goldman Ronald Perez Reiner Sailer Leendert van Doorn {stefanb, caceres, kgoldman, ronpz, sailer, leendert}@us.ibm.com

More information

Security Challenges And Implementation Mechanism For Vehicular Ad Hoc Network

Security Challenges And Implementation Mechanism For Vehicular Ad Hoc Network Security Challenges And Implementation Mechanism For Vehicular Ad Hoc Network Mostofa Kamal Nasir, A.S.M. Delowar Hossain, Md. Sazzad Hossain, Md. Mosaddik Hasan, Md. Belayet Ali Abstract: - Vehicular

More information

Secure Data Management in Trusted Computing

Secure Data Management in Trusted Computing 1 Secure Data Management in Trusted Computing Ulrich Kühn Deutsche Telekom Laboratories, TU Berlin Klaus Kursawe (KU Leuven) Stefan Lucks (U Mannheim) Ahmad-Reza Sadeghi (RU Bochum) Christian Stüble (RU

More information

Embedded Trusted Computing on ARM-based systems

Embedded Trusted Computing on ARM-based systems 1 / 26 Embedded Trusted Computing on ARM-based systems Martin Schramm, M.Eng. 10.04.2014 Agenda 2 of 26 martin.schramm@th-deg.de Embedded computing platforms have become omnipresent intend to alleviate

More information

A Digital Signature Scheme in Web-based Negotiation Support System

A Digital Signature Scheme in Web-based Negotiation Support System A Digital Signature Scheme in Web-based Negotiation Support System Yuxuan Meng 1 and Bo Meng 2 1 Department of Computer Science, University of Saskatchewan, Saskatoon, Saskatchewan, S7N 5C9, Canada yxmeng68@yahoo.ca

More information

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT

More information

An Internet Based Anonymous Electronic Cash System

An Internet Based Anonymous Electronic Cash System Research Paper American Journal of Engineering Research (AJER) e-issn: 2320-0847 p-issn : 2320-0936 Volume-4, Issue-4, pp-148-152 www.ajer.org Open Access An Internet Based Anonymous Electronic Cash System

More information

A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1

A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1 A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1 1 Royal Holloway, University of London 2 University of Strathclyde ABSTRACT Future mobile

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

Information Security Basic Concepts

Information Security Basic Concepts Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,

More information

Information & Communication Security (SS 15)

Information & Communication Security (SS 15) Information & Communication Security (SS 15) Electronic Signatures Dr. Jetzabel Serna-Olvera @sernaolverajm Chair of Mobile Business & Multilateral Security Goethe University Frankfurt www.m-chair.de Agenda

More information

Threat Model for Software Reconfigurable Communications Systems

Threat Model for Software Reconfigurable Communications Systems Threat Model for Software Reconfigurable Communications Systems Presented to the Management Group 6 March 007 Bernard Eydt Booz Allen Hamilton Chair, SDR Security Working Group Overview Overview of the

More information

The relevance of cyber-security to functional safety of connected and automated vehicles

The relevance of cyber-security to functional safety of connected and automated vehicles The relevance of cyber-security to functional safety of connected and automated vehicles André Weimerskirch University of Michigan Transportation Research Institute (UMTRI) February 12, 2014 Introduction

More information

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate

More information

Efficient Certificate Management in VANET

Efficient Certificate Management in VANET Efficient Certificate Management in VANET Ghassan Samara #1, Wafaa A.H. Al-Salihy *2, R. Sures #3 # National Advanced IPv6 Center, Universiti Sains Malaysia Penang, Malaysia 1 ghassan@nav6.org, 3 sures@nav6.org

More information

Authentication Application

Authentication Application Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be

More information

Introduction. Digital Signature

Introduction. Digital Signature Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology

More information

Mix-Zones for Location Privacy in Vehicular Networks

Mix-Zones for Location Privacy in Vehicular Networks Mix-Zones for Location Privacy in Vehicular Networks Julien Freudiger, Maxim Raya, Márk Félegyházi, Panos Papadimitratos and Jean-Pierre Hubaux EPFL, Switzerland firstname.lastname@epfl.ch ABSTRACT Vehicular

More information

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Tom Olzak October 2007 If your business is like mine, laptops regularly disappear. Until recently, centrally managed

More information

Security in Electronic Payment Systems

Security in Electronic Payment Systems Security in Electronic Payment Systems Jan L. Camenisch, Jean-Marc Piveteau, Markus A. Stadler Institute for Theoretical Computer Science, ETH Zurich, CH-8092 Zurich e-mail: {camenisch, stadler}@inf.ethz.ch

More information

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4

More information

Identification of Authenticity Requirements in Systems of Systems by Functional Security Analysis

Identification of Authenticity Requirements in Systems of Systems by Functional Security Analysis Identification of Authenticity Requirements in Systems of Systems by Functional Security Analysis Andreas Fuchs and Roland Rieke {andreas.fuchs,roland.rieke}@sit.fraunhofer.de Fraunhofer Institute for

More information

A Trust-driven Privacy Architecture for Vehicular Ad-Hoc Networks

A Trust-driven Privacy Architecture for Vehicular Ad-Hoc Networks A Trust-driven Privacy Architecture for Vehicular Ad-Hoc Networks Jetzabel M. Serna-Olvera Computer Architecture Department Universitat Politècnica de Catalunya A thesis submitted for the degree of Doctor

More information

Dell Client BIOS: Signed Firmware Update

Dell Client BIOS: Signed Firmware Update Dell Client BIOS: Signed Firmware Update An Implementation and Deployment Guide to NIST SP800-147 BIOS Protections for Dell Client BIOS Rick Martinez Dell Client BIOS This white paper is for informational

More information

Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge

Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge Mitgliederversammlung EIKON e.v. 26. Februar 2014 Prof. Dr.-Ing. Georg Sigl Lehrstuhl für Sicherheit in

More information

Trustworthy Computing

Trustworthy Computing Stefan Thom Senior Software Development Engineer and Security Architect for IEB, Microsoft Rob Spiger, Senior Security Strategist Trustworthy Computing Agenda Windows 8 TPM Scenarios Hardware Choices with

More information

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code

More information

SPINS: Security Protocols for Sensor Networks

SPINS: Security Protocols for Sensor Networks SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, J.D. Tygar, Victor Wen, and David Culler Department of Electrical Engineering & Computer Sciences, University of California

More information

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication

More information

A Security Architecture for Multipurpose ECUs in Vehicles

A Security Architecture for Multipurpose ECUs in Vehicles A Security Architecture for Multipurpose ECUs in Vehicles Frederic Stumpf, Fraunhofer-Institute SIT, München Christian Meves, BMW Group Research and Technology, München Benjamin Weyl, BMW Group Research

More information

1. Fault Attacks for Virtual Machines in Embedded Platforms. Supervisor: Dr Konstantinos Markantonakis, K.Markantonakis@rhul.ac.uk

1. Fault Attacks for Virtual Machines in Embedded Platforms. Supervisor: Dr Konstantinos Markantonakis, K.Markantonakis@rhul.ac.uk Proposed PhD Research Areas I am looking for strong PhD candidates to work on the projects listed below. The ideal candidate would have a mix of theoretical and practical skills, achieved a distinction

More information

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:

More information

Computer Security. Draft Exam with Answers. 2009.

Computer Security. Draft Exam with Answers. 2009. Computer Security Draft Exam with Answers. 2009. Please note that the questions written here are a draft of the final exam. There may be typos in the questions that were corrected in the final version

More information

Single Sign-On Secure Authentication Password Mechanism

Single Sign-On Secure Authentication Password Mechanism Single Sign-On Secure Authentication Password Mechanism Deepali M. Devkate, N.D.Kale ME Student, Department of CE, PVPIT, Bavdhan, SavitribaiPhule University Pune, Maharashtra,India. Assistant Professor,

More information

Certificate Management in Ad Hoc Networks

Certificate Management in Ad Hoc Networks Certificate Management in Ad Hoc Networks Matei Ciobanu Morogan, Sead Muftic Department of Computer Science, Royal Institute of Technology [matei, sead] @ dsv.su.se Abstract Various types of certificates

More information

Lecture 7: Privacy and Security in Mobile Computing. Cristian Borcea Department of Computer Science NJIT

Lecture 7: Privacy and Security in Mobile Computing. Cristian Borcea Department of Computer Science NJIT Lecture 7: Privacy and Security in Mobile Computing Cristian Borcea Department of Computer Science NJIT Location Privacy Location Authentication Trusted Ad Hoc Networks 2 Privacy Violated Request: Retrieve

More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0 Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust

More information

III. Our Proposal ASOP ROUTING ALGORITHM. A.Position Management

III. Our Proposal ASOP ROUTING ALGORITHM. A.Position Management Secured On-Demand Position Based Private Routing Protocol for Ad-Hoc Networks Ramya.R, Shobana.K, Thangam.V.S ramya_88@yahoo.com, k shobsi@yahoo.co.in,thangam_85@yahoo.com Department of Computer Science,

More information

Den Gode Webservice - Security Analysis

Den Gode Webservice - Security Analysis Den Gode Webservice - Security Analysis Cryptomathic A/S September, 2006 Executive Summary This report analyses the security mechanisms provided in Den Gode Web Service (DGWS). DGWS provides a framework

More information

Uni-directional Trusted Path: Transaction Confirmation on Just One Device

Uni-directional Trusted Path: Transaction Confirmation on Just One Device Uni-directional Trusted Path: Transaction Confirmation on Just One Device Atanas Filyanov 1, Jonathan M. McCune 2, Ahmad-Reza Sadeghi 3, Marcel Winandy 1 1 Ruhr-University Bochum, Germany 2 Carnegie Mellon

More information

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI) Public Key Infrastructure (PKI) In this video you will learn the quite a bit about Public Key Infrastructure and how it is used to authenticate clients and servers. The purpose of Public Key Infrastructure

More information

Data Storage Security in Cloud Computing for Ensuring Effective and Flexible Distributed System

Data Storage Security in Cloud Computing for Ensuring Effective and Flexible Distributed System Data Storage Security in Cloud Computing for Ensuring Effective and Flexible Distributed System 1 K.Valli Madhavi A.P vallimb@yahoo.com Mobile: 9866034900 2 R.Tamilkodi A.P tamil_kodiin@yahoo.co.in Mobile:

More information

siemens.com/tolling Back-office system Sitraffic Sensus Server Supplies all front-end data. Suitable for any GNSS tolling back-office.

siemens.com/tolling Back-office system Sitraffic Sensus Server Supplies all front-end data. Suitable for any GNSS tolling back-office. siemens.com/tolling Back-office system Server Supplies all front-end data. Suitable for any GNSS tolling back-office. Server: The universal back-office for efficient and effective toll collection Server

More information

Proof of Freshness: How to efficiently use an online single secure clock to secure shared untrusted memory.

Proof of Freshness: How to efficiently use an online single secure clock to secure shared untrusted memory. Proof of Freshness: How to efficiently use an online single secure clock to secure shared untrusted memory. Marten van Dijk, Luis F. G. Sarmenta, Charles W. O Donnell, and Srinivas Devadas MIT Computer

More information

Trustworthy Identity Management for Web Authentication

Trustworthy Identity Management for Web Authentication Trustworthy Identity Management for Web Authentication Ramasivakarthik Mallavarapu Aalto University, School of Science and Technology kmallava@tkk.fi Abstract Identity theft today is one of the major security

More information

Electronic Contract Signing without Using Trusted Third Party

Electronic Contract Signing without Using Trusted Third Party Electronic Contract Signing without Using Trusted Third Party Zhiguo Wan 1, Robert H. Deng 2 and David Lee 1 Sim Kim Boon Institute for Financial Economics 1, School of Information Science 2, Singapore

More information

A Secure RFID Ticket System For Public Transport

A Secure RFID Ticket System For Public Transport A Secure RFID Ticket System For Public Transport Kun Peng and Feng Bao Institute for Infocomm Research, Singapore Abstract. A secure RFID ticket system for public transport is proposed in this paper. It

More information

Vehicular Security Hardware The Security for Vehicular Security Mechanisms

Vehicular Security Hardware The Security for Vehicular Security Mechanisms escrypt GmbH Embedded Security Systemhaus für eingebettete Sicherheit Vehicular Security Hardware The Security for Vehicular Security Mechanisms Marko Wolf, escrypt GmbH Embedded Security Embedded Security

More information

Blind Digital Signatures, Group Digital Signatures and Revocable Anonymity

Blind Digital Signatures, Group Digital Signatures and Revocable Anonymity Blind Digital Signatures, Group Digital Signatures and Revocable Anonymity Network Security Project Presentation, CSE Department, IIT Bombay Vijay Gabale Ashutosh Dhekne Sagar Bijwe Nishant Burte MTech

More information

Index Terms: Data integrity, dependable distributed storage, Cloud Computing

Index Terms: Data integrity, dependable distributed storage, Cloud Computing Volume 5, Issue 5, May 2015 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Cloud Data Protection

More information

Car Connections. Johan Lukkien. System Architecture and Networking

Car Connections. Johan Lukkien. System Architecture and Networking Car Connections Johan Lukkien System Architecture and Networking 1 Smart mobility, TU/e wide Cooperative Driving (platooning), A270: Helmond-Eindhoven, 2011 (Mechanical Engineering/TNO) Full electric:

More information

INTERNET FOR VANET NETWORK COMMUNICATIONS -FLEETNET-

INTERNET FOR VANET NETWORK COMMUNICATIONS -FLEETNET- ABSTRACT INTERNET FOR VANET NETWORK COMMUNICATIONS -FLEETNET- Bahidja Boukenadil¹ ¹Department Of Telecommunication, Tlemcen University, Tlemcen,Algeria Now in the world, the exchange of information between

More information

Fighting product clones through digital signatures

Fighting product clones through digital signatures Paul Curtis, Katrin Berkenkopf Embedded Experts Team, SEGGER Microcontroller Fighting product clones through digital signatures Product piracy and forgery are growing problems that not only decrease turnover

More information

Description of the Technical Component:

Description of the Technical Component: Confirmation concerning Products for Qualified Electronic Signatures according to 15 Sec. 7 S. 1, 17 Sec. 4 German Electronic Signature Act 1 and 11 Sec. 2 and 15 German Electronic Signature Ordinance

More information

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions

More information

Using the TPM: Authentication and Attestation

Using the TPM: Authentication and Attestation Using the TPM: Machine Ariel Segall ariels@alum.mit.edu Day 2 Approved for Public Release: 12-2749. Distribution unlimited License All materials are licensed under a Creative Commons Share Alike license.

More information

IoT Security Platform

IoT Security Platform IoT Security Platform 2 Introduction Wars begin when the costs of attack are low, the benefits for a victor are high, and there is an inability to enforce law. The same is true in cyberwars. Today there

More information

PrivyLink Cryptographic Key Server *

PrivyLink Cryptographic Key Server * WHITE PAPER PrivyLink Cryptographic Key * Tamper Resistant Protection of Key Information Assets for Preserving and Delivering End-to-End Trust and Values in e-businesses September 2003 E-commerce technology

More information

Using the TPM: Data Protection and Storage

Using the TPM: Data Protection and Storage Using the TPM: Data Protection and Storage Ariel Segall ariels@alum.mit.edu Day 2 Approved for Public Release: 12-2749. Distribution unlimited License All materials are licensed under a Creative Commons

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information