No Arabic abstract
Several years of academic and industrial research efforts have converged to a common understanding on fundamental security building blocks for the upcoming Vehicular Communication (VC) systems. There is a growing consensus towards deploying a Vehicular Public-Key Infrastructure (VPKI) enables pseudonymous authentication, with standardization efforts in that direction. However, there are still significant technical issues that remain unresolved. Existing proposals for instantiating the VPKI either need additional detailed specifications or enhanced security and privacy features. Equally important, there is limited experimental work that establishes the VPKI efficiency and scalability. In this paper, we are concerned with exactly these issues. We leverage the common VPKI approach and contribute an enhanced system with precisely defined, novel features that improve its resilience and the user privacy protection. In particular, we depart from the common assumption that the VPKI entities are fully trusted and we improve user privacy in the face of an honest-but-curious security infrastructure. Moreover, we fully implement our VPKI, in a standard-compliant manner, and we perform an extensive evaluation. Along with stronger protection and richer functionality, our system achieves very significant performance improvement over prior systems - contributing the most advanced VPKI towards deployment.
Several years of academic and industrial research efforts have converged to a common understanding on fundamental security building blocks for the upcoming Vehicular Communication (VC) systems. There is a growing consensus towards deploying a special-purpose identity and credential management infrastructure, i.e., a Vehicular Public-Key Infrastructure (VPKI), enabling pseudonymous authentication, with standardization efforts towards that direction. In spite of the progress made by standardization bodies (IEEE 1609.2 and ETSI) and harmonization efforts (Car2Car Communication Consortium (C2C-CC)), significant questions remain unanswered towards deploying a VPKI. Deep understanding of the VPKI, a central building block of secure and privacy-preserving VC systems, is still lacking. This paper contributes to the closing of this gap. We present SECMACE, a VPKI system, which is compatible with the IEEE 1609.2 and ETSI standards specifications. We provide a detailed description of our state-of-the-art VPKI that improves upon existing proposals in terms of security and privacy protection, and efficiency. SECMACE facilitates multi-domain operations in the VC systems and enhances user privacy, notably preventing linking pseudonyms based on timing information and offering increased protection even against honest-but-curious VPKI entities. We propose multiple policies for the vehicle-VPKI interactions, based on which and two large-scale mobility trace datasets, we evaluate the full-blown implementation of SECMACE. With very little attention on the VPKI performance thus far, our results reveal that modest computing resources can support a large area of vehicles with very low delays and the most promising policy in terms of privacy protection can be supported with moderate overhead.
Vehicular Communication (VC) systems will greatly enhance intelligent transportation systems. But their security and the protection of their users privacy are a prerequisite for deployment. Efforts in industry and academia brought forth a multitude of diverse proposals. These have now converged to a common view, notably on the design of a security infrastructure, a Vehicular Public Key Infrastructure (VPKI) that shall enable secure conditionally anonymous VC. Standardization efforts and industry readiness to adopt this approach hint to its maturity. However, there are several open questions remaining, and it is paramount to have conclusive answers before deployment. In this article, we distill and critically survey the state of the art for identity and credential management in VC systems, and we sketch a roadmap for addressing a set of critical remaining security and privacy challenges.
In spite of progress in securing Vehicular Communication (VC) systems, there is no consensus on how to distribute Certificate Revocation Lists (CRLs). The main challenges lie exactly in (i) crafting an efficient and timely distribution of CRLs for numerous anonymous credentials, pseudonyms, (ii) maintaining strong privacy for vehicles prior to revocation events, even with honest-but-curious system entities, (iii) and catering to computation and communication constraints of on-board units with intermittent connectivity to the infrastructure. Relying on peers to distribute the CRLs is a double-edged sword: abusive peers could pollute the process, thus degrading the timely CRLs distribution. In this paper, we propose a vehicle-centric solution that addresses all these challenges and thus closes a gap in the literature. Our scheme radically reduces CRL distribution overhead: each vehicle receives CRLs corresponding only to its region of operation and its actual trip duration. Moreover, a fingerprint of CRL pieces is attached to a subset of (verifiable) pseudonyms for fast CRL piece validation (while mitigating resource depletion attacks abusing the CRL distribution). Our experimental evaluation shows that our scheme is efficient, scalable, dependable, and practical: with no more than 25 KB/s of traffic load, the latest CRL can be delivered to 95% of the vehicles in a region (15 x 15 KM) within 15s, i.e., more than 40 times faster than the state-of-the-art. Overall, our scheme is a comprehensive solution that complements standards and can catalyze the deployment of secure and privacy-protecting VC systems.
Radio Access Networks (RAN) tends to be more distributed in the 5G and beyond, in order to provide low latency and flexible on-demanding services. In this paper, Blockchain-enabled Radio Access Networks (BE-RAN) is proposed as a novel decentralized RAN architecture to facilitate enhanced security and privacy on identification and authentication. It can offer user-centric identity management for User Equipment (UE) and RAN elements, and enable mutual authentication to all entities while enabling on-demand point-to-point communication with accountable billing service add-on on public network. Also, a potential operating model with thorough decentralization of RAN is envisioned. The paper also proposed a distributed privacy-preserving P2P communication approach, as one of the core use cases for future mobile networks, is presented as an essential complement to the existing core network-based security and privacy management. The results show that BE-RAN significantly improves communication and computation overheads compared to the existing communication authentication protocols.
The OpenMosix approach is a good solution to build powerful and scalable computing farms. Furthermore an easy management infrastructure is implemented using diskless nodes and network boot procedures. In HENP environment, the choice of OpenMosix has been proven to be an optimal solution to give a general performance boost on implemented systems thanks to its load balancing and process migration features. In this poster we give an overview of the activities, carried out by our computing center, concerning the installation, management, monitoring, and usage of HPC Linux clusters running OpenMosix.