The University of Birmingham School of Computer Science. Research Student Monitoring Group Report 2



Similar documents
Mix-Zones for Location Privacy in Vehicular Networks

Vincent Cheval. Curriculum Vitae. Research

Privacy through Pseudonymity in Mobile Telephony Systems

Enforcing Privacy Using Symmetric Random Key-Set in Vehicular Networks

A survey on securing user authentication in vehicular ad hoc networks

Implementation and Evaluation of Certificate Revocation List Distribution for Vehicular Ad-hoc Networks

COMPLEMENTING PUBLIC KEY INFRASTRUCTURE TO SECURE VEHICULAR AD HOC NETWORKS

Certificate Based Scheme and Expedite Message Authentication Protocol for Vehicular Ad Hoc Networks

Secured Data Transmissions In Manet Using Neighbor Position Verfication Protocol

Security/Privacy Models for "Internet of things": What should be studied from RFID schemes? Daisuke Moriyama and Shin ichiro Matsuo NICT, Japan

Certificate Revocation Management in VANET

Proxy Based Authentication Scheme Using Distributed Computing in Vehicular Ad Hoc Networks

Inductive Analysis of Security Protocols in Isabelle/HOL with Applications to Electronic Voting

Security Challenges And Implementation Mechanism For Vehicular Ad Hoc Network

Formal Modelling of Network Security Properties (Extended Abstract)

AN EFFICIENT STRATEGY OF AGGREGATE SECURE DATA TRANSMISSION

A New Security Mechanism for Vehicular Communication Networks

How to prove security of communication protocols?

Efficient Certificate Management in VANET

Design of Simple and Efficient Revocation List Distribution in Urban areas for VANET s

Wireless Network Security Spring 2014

Region Authority (RA) Collaborated Certificate Organization and Management in VANET

Information Security at ETH Zurich Institute of Information Security at ETH Zurich Zurich Information Security and Privacy Center

Secure APIs and Simulationbased. Exposé thésard

Vampire Attack Detecting and Preventing in Wireless Sensor Network

Electronic Voting Protocol Analysis with the Inductive Method

Certificate Management in Ad Hoc Networks

REVIEW OF DIFFERENT APPROACHES FOR PRIVACY SCHEME IN VANETS

Vulnerabilities of Intrusion Detection Systems in Mobile Ad-hoc Networks - The routing problem

Mobile Security Wireless Mesh Network Security. Sascha Alexander Jopen

An Investigation of DOS Flooding Attack in VANET.

SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD

A Taxonomy of Single Sign-On Systems

1. Fault Attacks for Virtual Machines in Embedded Platforms. Supervisor: Dr Konstantinos Markantonakis,

How to Formally Model Features of Network Security Protocols

Chapter 1: Introduction

The Advantages of Automatic Protocol Creation

DATA SECURITY IN CLOUD USING ADVANCED SECURE DE-DUPLICATION

Reza Shokri Curriculum Vitae [1 of 5] Reza Shokri

SECURE SIGNATURE BASED CEDAR ROUTING IN MOBILE ADHOC NETWORKS

Why Cryptosystems Fail. By Ahmed HajYasien

Cloud Data Storage Services Considering Public Audit for Security

Securing MANET Using Diffie Hellman Digital Signature Scheme

III. Our Proposal ASOP ROUTING ALGORITHM. A.Position Management

DIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES

Secure Key Management Architecture Against Sensor-node Fabrication Attacks

Information Security in Big Data using Encryption and Decryption

EFFICIENT SECRURITY IMPLEMENTATION FOR EMERGING VANETS

A Survey on Untransferable Anonymous Credentials

Anonymity with Identity Escrow

How To Research Security And Privacy Using Data Science

Doctor of Philosophy in Computer Science

Data Security in Unattended Wireless Sensor Network

A Secure RFID Ticket System For Public Transport

Strengthen RFID Tags Security Using New Data Structure

Single Sign-On Secure Authentication Password Mechanism

Security protocols for ad-hoc wireless networks Raghava Karanam, Gautam Sreeram Pendum, Narendra Nath Vattikuti

C U R R I C U L U M V I T A E T R I V A N L E

An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud

Secure and privacy-preserving DRM scheme using homomorphic encryption in cloud computing

Master of Science in Computer Science

Formal Methods in Security Protocols Analysis

How To Make A Dynamic Rule Based Ids For Vanet

SECURE DATA TRANSMISSION USING INDISCRIMINATE DATA PATHS FOR STAGNANT DESTINATION IN MANET

EIT ICT Labs MASTER SCHOOL. Specialisations

A Blueprint for Universal Trust Management Services

Babel: Using a Common Bridge Node to Deliver Multiple Keys in Wireless Sensor Networks

Reusable Anonymous Return Channels

INTERNET FOR VANET NETWORK COMMUNICATIONS -FLEETNET-

EFFICIENT AND SECURE DATA PRESERVING IN CLOUD USING ENHANCED SECURITY

CLOUD BASED STORAGE SERVICES FOR SECURITY FOLLOWED BY THE DATA AUTHENTICATION

An Overview of Common Adversary Models

3-12 Autonomous Access Control among Nodes in Sensor Networks with Security Policies

A Framework for Data Security, Identification and Authentication in VANET G.Archana,S. Andal

Enhancing Data Security in Cloud Storage Auditing With Key Abstraction

Near Sheltered and Loyal storage Space Navigating in Cloud

A Catechistic Method for Traffic Pattern Discovery in MANET

Tackling Security and Privacy Issues in Radio Frequency Identification Devices

SP A Framework for Designing Cryptographic Key Management Systems. 5/25/2012 Lunch and Learn Scott Shorter

Group Security Model in Wireless Sensor Network using Identity Based Cryptographic Scheme

Internet Anonymity and the Design Process - A Practical Approach

Special Properties of Ad-hoc Wireless Network and Security Models

End-to-End Security in Wireless Sensor Networks (WSNs) Talk by Claudio Anliker Supervised by Dr. Corinna Schmitt University of Zurich

Efficient Data Transmission For Wireless Sensor Networks

Security Infrastructure for Trusted Offloading in Mobile Cloud Computing

Introduction to Security

Intrusion Detection of Sinkhole Attacks in Wireless Sensor Networks

CHAPTER 1 INTRODUCTION

A Draft Framework for Designing Cryptographic Key Management Systems

Security and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags

A Secure Decentralized Access Control Scheme for Data stored in Clouds

Context-Aware Role Based Access Control Using User Relationship

Lightweight Cryptography. Lappeenranta University of Technology

THIS: THreshold security for Information aggregation in Sensor networks

Electronic and Digital Signatures

TELECOMMUNICATION NETWORKS

Capture Resilient ElGamal Signature Protocols

ROUTE MECHANISMS FOR WIRELESS ADHOC NETWORKS: -CLASSIFICATIONS AND COMPARISON ANALYSIS

A Trust-driven Privacy Architecture for Vehicular Ad-Hoc Networks

Transcription:

The University of Birmingham School of Computer Science Research Student Monitoring Group Report 2 Name of student: Loretta Mancini Name of supervisor and other members of thesis group: Eike Ritter, Jon Rowe, Mark Ryan Date of report: 14th October 2010 Working title: Protocol verification in pervasive systems Introduction to research topic Pervasive Systems consist of a variety of devices, often produced from different manufacturers, interacting and communicating, usually through wireless connections, with each other and with a variety of systems providing a range of services. They are characterised by the ability of sensing their physical whereabouts and use the gathered environmental data to customize their behaviour. Pervasive Systems involve a high degree of complexity due to the high number of devices interacting and communicating to each other, the mobility of devices, the context awareness, the reactive context dependent behaviour, the interactivity with the user, the real-time requirements, the variety of offered services. Moreover pervasive computing is often used in critical area (e.g. road safety [24], health care [3]) making security, reliability, safety and liveness primary requirements. We believe the success of pervasive systems deployment depends not only on the ability to build, secure, maintain and augment interoperable systems but as well on the possibility to give some level of confidence about the system properties and offered services. Formal verification approaches can give users and system developers confidence about the level of reliability, security, safety and usability of the system. Formal definition of the properties of a system and their verification can moreovere give a better understanding of the system itself and help finding and fixing flaws. In this thesis we will focus on the formal verification of security protocols in pervasive systems, taking inspiration from case studies of concrete protocols, and aiming at the same time to obtain more general results that will eventually make it possible

to extend the use of automatic proof tools to the verification of a wider range of security properties for selected classes of processes. We will use process calculi enabling us to abstract from implementation details and give a high level description of the interaction, communication and synchronisation of the protocols participants. To ease the modelling of cryptographic protocols we will mainly use the applied pi calculus [2, 26], an extension of the pi-calculus, enriched with a set of function names, variables and equational theory. Work done so far This thesis is part of the EPSRC founded project Verifying interoperability requirements in pervasive Systems. More specifically we are here interested in security requirements. We will take inspiration from pervasive system case studies aiming to find challenging issues with respect to the existent techniques in the area of formal verification of security protocols. We found Vehicular Ad-hoc Networks (VANETs) an interesting example of pervasive system recently catching attention and investment of both industry and governments. Therefore we started exploring the problem of security in VANETs and focused our attention on the related privacy issues. In fact, providing privacy friendly services seems to be, at the same time, a primary concern for the deployment of VANETs, since it is vital for the users acceptance of the system, and a challenging issue, since strong accountability is required for liability purposes. The problem of privacy in vehicular network is linked to the fact that frequent broadcasts of a vehicle s position are required to enable the development of safety related applications. These messages containing a vehicle s position are authenticated i.e. contain a certificate, that is a sort of identifier that makes possible to trace vehicles routes. Location privacy is a major concern in VANETs, in fact simply by listening to the broadcast messages, using inexpensive wireless devices, external attackers can link vehicles consecutively occupied positions with the possibility of targeting specific vehicles or mapping the entire traffic in the monitored zone. Different approaches have been proposed in literature to provide location privacy while ensuring accountability in VANETs. They can be classified in: multiplepseudonyms-based, group signature based and hybrid. Multiple-pseudonyms-based approaches consist in having set of short-live pseudonyms and changing them following some protocol specific policy. Group signature based approches achieve privacy for free thanks to the properties of group signatures. Hybrid approaches combine the use of multiple pseudonyms with symmetric, group or identity based encryption, so to create a mix zone or to improve pseudonym management. The most accepted approaches result to be the multiple pseudonyms based ones, this is due to the fact that group signatures based cryptographic schemes introduce a high verification overhead. The high amount of received messages and the time sensitivity of safety applications make efficiency of signature verification critical in VANETs. Therefore we focused our attention on multiple pseudonyms based approaches.

We analysed in particular the Cmix protocol, a protocol inspired from the mix zones concept introduced by Beresford and Stajano [8] in the context of location aware applications; the basic idea is to create, with the help of the road side infrastructure, cryptographic mix zones at road intersections. The Cmix protocol has been formally studied by Dahl, Delaune and Steel [16] with respect to an observational equivalence based characterisation of privacy. Despite the analysis being effective in highlighting not so obvious details about the role of timing in the execution of the protocol; the high level of abstraction makes difficult to figure out how well the model matches the actual protocol. In particular, we find the encoding of locations and the resulting privacy property definition too rigid and overall it is difficult to understand if the attacks found on the model actually reflect attacks on the real protocol. These considerations motivated us to give a model of the protocol so to closely mimic the actual scenario. Case Study Analysis. The model obtained will allow us to test the Cmix protocol against the satisfiability of privacy related properties such as the untraceability, unlinkability and anonymity properties formalised in applied pi calculus by Arapinis et al. [4, 5]. In particular we aim to prove that the proposed model of the protocol satisfies the unlinkability property. The unlinkability property is defined in term of a non standard trace equivalence hence is not currently supported by automated proof tools and is difficult to manually prove. We will exploit both proof techniques, using different approaches to go around the mentioned difficulty: Manual proof. Even if not trivial, bisimilarity is more suited for a manual proof than trace equivalence. So we can focus on proving strong unlinkability that is defined through bisimilarity. In fact, in [5] Arapinis et al. prove that strong unlinkability implies unlinkability. Automated proof. We believe the automated proof tool (Proverif [9]) could be used to prove that the Cmix protocol satisfies untraceability. To obtain the desired result we will then have to prove (manually) that untraceability implies unlinkability. Extension to General Protocol Verification Issues. We aim to prove that the unlinkability property is decidable for a subclass of processes of the applied pi calculus. We identified several issues to be solved in order to achieve the mentioned decidability result: The unlinkability and anonymity properties mentioned above are defined as trace equivalence based properties and make use of annotations. The use of annotations makes them, to some extent, difficult to reason with. Hence we started in parallel to design an extension of applied pi calculus aimed to ease in general the analysis of protocol against properties defined through annotations (e.g. correspondence properties). The proposed extension is meant to be only syntactic, in fact its purpose is to ease the analysis of properties that make use of annotation without changing the intended semantic of the calculus. Accordingly we gave a draft proof showing that the equivalences obtained

for processes of our extension (we called it annotated applied pi calculus ) coincide with the original ones. The unlinkability property will have to be redefined in the annotated applied pi calculus. Recent works show the decidability of trace equivalence of protocols represented through constraint systems (e.g. [7, 14, 13, 15]), we will take advantage of these results extending and adapting them so to prove the decidability of the unlinkability property. Reviewed literature Formal Verification of Pervasive Systems. [3] Overview of verification of pervasive system techniques with reference to a case study application for care at home. VANETs. [30] Pioneer paper about vehicular networks and related security issues. They describe a VANETs architecture and two possible applications. Referring to the proposed architecture and applications they discuss the challenges involved in deploying, and securing vehicular networks. [23] An overview of VANETs security. Several challenges from the security point of view are highlighted. In particular the issues of secure positioning and privacy are exploited and some solutions are informally discussed, e.g. the broadcast of authenticated positions from trusted road infrastructure devices is proposed as possible solution to the problem of secure positioning, while the introduction of anonymization services and the use of group signatures are discussed in relation to the privacy problem. [25] A security architecture for VANETs is proposed and the opportunity of different possible solutions is discussed. The problem of public key infrastructure deployment, authentication of participant vehicles, certificate revocation and privacy are exploited. [24] Introduction to the VANETs network model and definition of VANETs applications categories depending on their purpose. The paper focuses on safety applications and describes the basic safety messaging protocol. It highlights possible attacks and security requirements and discusses possible solution for public key infrastructure, key revocation and change of pseudonyms.

[12] They propose the use of group signatures to self certify pseudonyms, this allows vehicles to efficiently generate pseudonyms without affecting the accountability properties of the system. They propose several optimisation strategies to overcome the limitation of slow verification time of group signatures. Privacy in VANETs [28] Analysis of the privacy requirements in vehicular networks and of the different available approaches towards proving privacy. [18] They propose a pseudonym change protocol based on mix context. The protocol is based on the idea that the level of privacy achieved by vehicles when changing pseudonyms ia higher if they share the same context with a high number of neighboring vehicles. Hence they proposse to trigger pseudonym changes only when the entropy (calculated depending on the actual context) is above a given threshold. [10] Hybrid approach to the problem of privacy in vehicular networks using multiple pseudonyms and publick key encryption for vehicle to vehicle and vehicle to infrastructure communications. As a part of the proposed model, a protocol for pairwise symmetric key establishment between pair vehicles and a protocol enabling of group communication of neighboring vehicles are presented. [27] The paper introduces the CARAVAN protocol to enhance location privacy of vehicles traveling in geographical proximity. The algorithm uses a combination of group signatures and silent periods to provide privacy when accessing location based service applications.due to the use of silent periods CARAVAN protocol is not suitable for safety related applications. [21] They discuss a security framework for vehicular network based on group signatures and role-based access control. [22] They propose a model for preserving privacy based on group signatures for vehicle tovehicle communications and Identity based signatures for RSU to vehicle communications. [29] The use of Temporary Anonymous Certified Keys (TACKs) is proposed. TACKs are obtained with the aid of road infrastructure devices when passing from a geographic region to an other, using a group signatures based protocol to ensure privacy. Mix Zones and CMix protocol [8] Introduces the concept of Mix Zone in the context of a location aware pervasive application. [17] Introduces the Cmix Zones protocol as a mechanism to create mix zones at road intersections and enhance location privacy in VANETs. Gives a model for strong and weak adversary and test the level of location privacy achieved by the Cmix protocol through a simulation of the proposed network and attacker models.

[11] Analysis of mix zones based models for changing pseudonyms. Defines probabilistic adversary tracking strategy and introduces a metric to quantify a vehicle level of privacy. They simulate the model using a realistic road scenario and show the privacy achieved by vehicles depending on the strength of the attacker measured by the number of monitored intersections. Their results are relevant as the analysis is independent from the specific protocol adopted to create the mix zone. [16] Formal analysis of the Cmix protocol using an observational equivalence based definition of privacy and Proverif tool. Formal verification techniques. [2] Introduces the applied pi calculus as a flexible calculus to reason about security protocols. Applied pi calculus is an extension of pi calculus that enriches it adding functions, value passing and equations. [26] A tutorial style introduction to security protocols analysis in applied pi calculus. They show how to formalise and verify different properties using a range of equivalence and trace based techniques. [15] They show that observational equivalence is decidable for a subclass of applied pi calculus processes (bounded and determinate) and a general class of equational theories. They restrict the class of applied pi calculus processes to the determinate ones, in fact on determinate processes observational equivalence with trace equivalence. The decidability of trace equivalence can be reduced to the problem of deciding symbolic equivalence of constraint systems. Hence observational equivalence can be reduced to the symbolic equivalence of finitely many pair of constraint systems (the ones obtained when symbolically representing the involved pair of applied pi calculus processes). Symbolic equivalence is decidable for subterm convergent theories as proved in [7]. [7] Shows the decidability of satisfiability and equivalence of constraint systems where the equational theory is presented by convergent subterm rewriting systems. [14] They show that any constraint system can be transformed in a simpler one (possibly many simpler ones) called solved form, preserving all the solutions of the original system. As a consequence, they prove decidability of the existence of key cycles. They show as well that the same technique can be used to prove decidability of authentication-like properties. [13] They present an algorithm that decides the symbolic equivalence of constraint systems in the case of signatures, symmetric and asymmetric encryptions (hence can be used to decide trace equivalence based properties of cryptographic protocols). [5] They give formal definitions of unlinkability and anonymity properties in applied pi calculus and apply them to a case study. They show that unlinkability does

not imply anonymity and give an concrete example of this showing that the protocol used by French RFID e-passport preserves anonimity, but does not preserve unlinkability. [4] Gives definition of weak and strong untraceablity properties in applied pi calculus and illustrates them using RFID tag related examples. [9] They introduce the concept of biprocess i.e. processes that differ only in the choice of some term, and prove observational equivalence of biprocesses is decidable for a bounded number of session, resulting in the implementation of the automated proof tool Proverif. Presentations I have given so far two talks on the subject of security and privacy in vehicular ad-hoc networks: I held a session of the computer security seminar of the school of computer science during which I introduced the topic of VANETs security. I focused on the issues related to privacy and in particular I presented protocols illustrating the different privacy preserving approaches proposed in literature, as for example Cmix [17], TACKs[29] and CARAVAN [27]. I gave a similar talk during a project meeting in Liverpool in that occasion I focused on the Cmix protocol and the model we developed for it. Attended Schools and Conferences During the past few months I had the opportunity of attending two schools. The first school attended, MGS2010 (Midlands Graduate School), is a school on theoretical foundation of computer science, I found particularly interesting the course on separation logic, a calculus to reason about memory location usage in programming. I recently attended FOSAD2010 (10th International School on Foundations of Security Analysis and Design) where many courses focused on anonymity and privacy issues, one of the courses in particular presented privacy oriented cryptographic protocols, while other discussed system oriented solution like mixes and onion routing and explaind the bayesian approaches to the traffic analysis of anonymous communications. More theoretical courses gave an overview of symbolic verification of security protocols and present recent results obtained in proving the computational soundness of such methods. In an attempt of looking for more case studies, I attended a small one day conference SMART 2010 on smart technologies with talks of different nature on health care intelligent systems, energy management system, intelligent transport (VANETs).

The talks were more business than research oriented, anyway what emerged from the audience was a serious concern about the potential privacy threat introduced by smart (pervasive) systems. I regularly attend CompSecSem talks, a series of talks organised by the security group of the School of Computer Science (University of Birmingham), where new research topics and ideas are presented by members of the security group and invited speakers. Timetable and Future Work The unlinkability property will be defined in the proposed extension of applied pi calculus (by end of October 2010). A formal proof of Cmix protocol unlinkability property will be given (by the end of November 2010). More case studies will have to be considered, with respect to the anonyminity and unlinkability issues in pervasive systems. (by the end of December 2010). The decidability of the unlinkability property will be proved (by the end of January 2011). The formal study of security properties (other than privacy related ones) in the context of pervasive systems will be considered in support of the thesis proposal (by end of january 2011). References [1] Proceedings of the 23rd IEEE Computer Security Foundations Symposium, CSF 2010, Edinburgh, United Kingdom, July 17-19, 2010. IEEE Computer Society, 2010. [2] Martín Abadi and Cédric Fournet. Mobile values, new names, and secure communication. SIGPLAN Not., 36(3):104 115, 2001. [3] Myrto Arapinis, Muffy Calder, Louise Denis, Michael Fisher, Philip D. Gray, Savas Konur, Alice Miller, Eike Ritter, Mark Ryan, Sven Schewe, Chris Unsworth, and Rehana Yasmin. Towards the verification of pervasive systems. ECEASST, 22, 2009. [4] Myrto Arapinis, Tom Chothia, Eike Ritter, and Mark Ryan. M.: Untraceability in the applied pi calculus. In In: proc. of the 1st Int. Workshop on RFID Security and Cryptography, 2009. [5] Myrto Arapinis, Tom Chothia, Eike Ritter, and Mark Ryan. Analysing unlinkability and anonymity using the applied pi calculus. In CSF [1], pages 107 121.

[6] Vijay Atluri, Peng Ning, and Wenliang Du, editors. Proceedings of the 3rd ACM Workshop on Security of ad hoc and Sensor Networks, SASN 2005, Alexandria, VA, USA, November 7, 2005. ACM, 2005. [7] Mathieu Baudet. Deciding security of protocols against off-line guessing attacks. In CCS 05: Proceedings of the 12th ACM conference on Computer and communications security, pages 16 25, New York, NY, USA, 2005. ACM. [8] Alastair R. Beresford and Frank Stajano. Location privacy in pervasive computing. IEEE Pervasive Computing, 2:46 55, 2003. [9] Bruno Blanchet, Martín Abadi, and Cédric Fournet. Automated Verification of Selected Equivalences for Security Protocols. In 20th IEEE Symposium on Logic in Computer Science (LICS 2005), pages 331 340, Chicago, IL, June 2005. IEEE Computer Society. [10] M. Burmester, E. Magkos, and V. Chrissikopoulos. Strengthening privacy protection in vanets. pages 508 513, oct. 2008. [11] Levente Buttyán, Tamás Holczer, and István Vajda. On the effectiveness of changing pseudonyms to provide location privacy in vanets. In ESAS 07: Proceedings of the 4th European conference on Security and privacy in ad-hoc and sensor networks, pages 129 141, Berlin, Heidelberg, 2007. Springer-Verlag. [12] Giorgio Calandriello, Panos Papadimitratos, Jean-Pierre Hubaux, and Antonio Lioy. Efficient and robust pseudonymous authentication in vanet. In VANET 07: Proceedings of the fourth ACM international workshop on Vehicular ad hoc networks, pages 19 28, New York, NY, USA, 2007. ACM. [13] Vincent Cheval, Hubert Comon-Lundh, and Stéphanie Delaune. Automating security analysis: Symbolic equivalence of constraint systems. In Giesl and Hähnle [19], pages 412 426. [14] Hubert Comon-Lundh, Véronique Cortier, and Eugen Zălinescu. Deciding security properties for cryptographic protocols. application to key cycles. ACM Trans. Comput. Logic, 11(2):1 42, 2010. [15] Véronique Cortier and Stéphanie Delaune. A method for proving observational equivalence. In Proceedings of the 22nd IEEE Computer Security Foundations Symposium (CSF 09), pages 266 276, Port Jefferson, NY, USA, July 2009. IEEE Computer Society Press. [16] Morten Dahl, Stéphanie Delaune, and Graham Steel. Formal analysis of privacy for vehicular mix-zones. In Gritzalis et al. [20], pages 55 70. [17] Julien Freudiger, Maxim Raya, Mrk Flegyhzi, Panos Papadimitratos, and Jean- Pierre Hubaux. Mix-Zones for Location Privacy in Vehicular Networks. In ACM Workshop on Wireless Networking for Intelligent Transportation Systems (WiN-ITS), Vancouver, 2007.

[18] M. Gerlach and F. Guttler. Privacy in vanets using changing pseudonyms - ideal and real. pages 2521 2525, apr. 2007. [19] Jürgen Giesl and Reiner Hähnle, editors. Automated Reasoning, 5th International Joint Conference, IJCAR 2010, Edinburgh, UK, July 16-19, 2010. Proceedings, volume 6173 of Lecture Notes in Computer Science. Springer, 2010. [20] Dimitris Gritzalis, Bart Preneel, and Marianthi Theoharidou, editors. Computer Security - ESORICS 2010, 15th European Symposium on Research in Computer Security, Athens, Greece, September 20-22, 2010. Proceedings, volume 6345 of Lecture Notes in Computer Science. Springer, 2010. [21] Jinhua Guo, J.P. Baugh, and Shengquan Wang. A group signature based secure and privacy-preserving vehicular communication framework. pages 103 108, may. 2007. [22] Xiaodong Lin, Xiaoting Sun, Pin-Han Ho, and Xuemin Shen. Gsis: A secure and privacy-preserving protocol for vehicular communications. Vehicular Technology, IEEE Transactions on, 56(6):3442 3456, nov. 2007. [23] Bryan Parno and Adrian Perrig. Challenges in securing vehicular networks. In Proceedings of the Fourth Workshop on Hot Topics in Networks (HotNets-IV), November 2005. [24] Maxim Raya and Jean-Pierre Hubaux. The security of vehicular ad hoc networks. In Atluri et al. [6], pages 11 21. [25] Maxim Raya, Panos Papadimitratos, and Jean-Pierre Hubaux. Securing Vehicular Communications. IEEE Wireless Communications Magazine, Special Issue on Inter-Vehicular Communications, 13(5):8 15, 2006. [26] Mark Ryan and Ben Smyth. Applied pi calculus. In Véronique Cortier and Steve Kremer, editors, Formal Models and Techniques for Analyzing Security Protocols, chapter 6. IOS Press, 2010. to be published. [27] Krishna Sampigethaya, Leping Huang, Mingyan Li, Radha Poovendran, Kanta Matsuura, and Kaoru Sezaki. Caravan: Providing location privacy for vanet. In in Embedded Security in Cars (ESCAR, 2005. [28] Florian Schaub, Zhendong Ma, and Frank Kargl. Privacy requirements in vehicular communication systems. In CSE 09: Proceedings of the 2009 International Conference on Computational Science and Engineering, pages 139 145, Washington, DC, USA, 2009. IEEE Computer Society. [29] Ahren Studer, Elaine Shi, Fan Bai, and Adrian Perrig. Tacking together efficient authentication, revocation, and privacy in vanets. In SECON 09: Proceedings of the 6th Annual IEEE communications society conference on Sensor, Mesh and Ad Hoc Communications and Networks, pages 484 492, Piscataway, NJ, USA, 2009. IEEE Press.

[30] Magda El Zarki, Sharad Mehrotra, Gene Tsudik, and Nalini Venkatasubramanian. Security issues in a future vehicular network. In In European Wireless, pages 270 274, 2002.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information