Refine
H-BRS Bibliography
- yes (15)
Departments, institutes and facilities
Document Type
- Conference Object (8)
- Article (4)
- Part of a Book (2)
- Preprint (1)
Keywords
With the rising interest in vehicular communication systems many proposals for secure vehicle-to-vehicle commu- nication were made in recent years. Also, several standard- ization activities concerning the security and privacy measures in these communication systems were initiated in Europe and in US. Here, we discuss some limitations for secure vehicle- to-infrastructure communication in the existing standards of the European Telecommunications Standards Institute. Next, a vulnerability analysis for roadside stations on one side and security and privacy requirements for roadside stations on the other side are given. Afterwards, a proposal for a multi-domain public key architecture for intelligent transport systems, which considers the necessities of road infrastructure authorities and vehicle manufacturers, is introduced. The domains of the public key infrastructure are cryptographically linked based on local trust lists. In addition, a crypto agility concept is suggested, which takes adaptation of key length and cryptographic algorithms during PKI operation into account.
The latest advances in the field of smart card technologies allow modern cards to be more than just simple security tokens. Recent developments facilitate the use of interactive components like buttons, displays or even touch-sensors within the cards body thus conquering whole new areas of application. With interactive functionalities the usability aspect becomes the most important one for designing secure and popularly accepted products. Unfortunately the usability can only be tested fully with completely integrated hence expensive smart card prototypes. This restricts application specific research, case studies of new smart card user interfaces, concerning applications and the performance of useability tests in smart card development. Rapid development and simulation of smart card interfaces and applications can help to avoid this restriction. This paper presents SCUIDtextsuperscript{Sim} a tool for rapid user-centric development of new smart card interfaces and applications based on common smartphone technology.
A deployment of the Vehicle-2-Vehicle communication technology according to ETSI is in preparation in Europe. Currently, a policy for a necessary Public Key Infrastructure to enrol cryptographic keys and certificates for vehicles and infrastructure component is in discussion to enable an interoperable Vehicle-2-Vehicle communication. Vehicle-2-Vehicle communication means that vehicles periodically send Cooperative Awareness Messages. These messages contain the current geographic position, driving direction, speed, acceleration, and the current time of a vehicle. To protect privacy (location privacy, “speed privacy”) of vehicles and drivers ETSI provides a specific pseudonym concept. We show that the Vehicle-2-Vehicle communication can be misused by an attacker to plot a trace of sequent Cooperative Awareness Messages and to link this trace to a specific vehicle. Such a trace is non-disputable due to the cryptographic signing of the messages. So, the periodically sending of Cooperative Awareness Messages causes privacy problems even if the pseudonym concept is applied.
The latest advances in the field of smart card technologies allow modern cards to be more than just simple security tokens. Recent developments facilitate the use of interactive components like buttons, displays or even touch-sensors within the card's body thus conquering whole new areas of application. With interactive functionalities the usability aspect becomes the most important one for designing secure and popularly accepted products. Unfortunately, the usability can only be tested fully with completely integrated hence expensive smart card prototypes. This restricts severely application specific research, case studies of new smart card user interfaces and the optimization of design aspects, as well as hardware requirements by making usability and acceptance tests in smart card development very costly and time-consuming. Rapid development and simulation of smart card interfaces and applications can help to avoid this restriction. This paper presents a rapid development process for new smart card interfaces and applications based on common smartphone technology using a tool called SCUID^Sim. We will demonstrate the variety of usability aspects that can be analyzed with such a simulator by discussing some selected example projects.
A deployment of the Vehicle-to-Vehicle communication technology according to ETSI is in preparation in Europe. Currently, a Public Key Infrastructure policy for Intelligent Transport Systems in Europe is in discussion to enable V2V communication. This policy set aside two classes of keys and certificates for ITS vehicle stations: long term authentication keys and pseudonymous keys and certificates. We show that from our point of view the periodic sent Cooperative Awareness Messages with extensive data have technical limitations and together with the pseudonym concept cause privacy problems.
Secure vehicular communication has been discussed over a long period of time. Now,- this technology is implemented in different Intelligent Transportation System (ITS) projects in europe. In most of these projects a suitable Public Key Infrastructure (PKI) for a secure communication between involved entities in a Vehicular Ad hoc Network (VANET) is needed. A first proposal for a PKI architecture for Intelligent Vehicular Systems (IVS PKI) is given by the car2car communication consortium. This architecture however mainly deals with inter vehicular communication and is less focused on the needs of Road Side Units. Here, we propose a multi-domain PKI architecture for Intelligent Transportation Systems, which considers the necessities of road infrastructure authorities and vehicle manufacturers, today. The PKI domains are cryptographically linked based on local trust lists. In addition, a crypto agility concept is suggested, which takes adaptation of key length and cryptographic algorithms during PKI operation into account.
Threats to passwords are still very relevant due to attacks like phishing or credential stuffing. One way to solve this problem is to remove passwords completely. User studies on passwordless FIDO2 authentication using security tokens demonstrated the potential to replace passwords. However, widespread acceptance of FIDO2 depends, among other things, on how user accounts can be recovered when the security token becomes permanently unavailable. For this reason, we provide a heuristic evaluation of 12 account recovery mechanisms regarding their properties for FIDO2 passwordless authentication. Our results show that the currently used methods have many drawbacks. Some even rely on passwords, taking passwordless authentication ad absurdum. Still, our evaluation identifies promising account recovery solutions and provides recommendations for further studies.
TinyECC 2.0 is an open source library for Elliptic Curve Cryptography (ECC) in wireless sensor networks. This paper analyzes the side channel susceptibility of TinyECC 2.0 on a LOTUS sensor node platform. In our work we measured the electromagnetic (EM) emanation during computation of the scalar multiplication using 56 different configurations of TinyECC 2.0. All of them were found to be vulnerable, but to a different degree. The different degrees of leakage include adversary success using (i) Simple EM Analysis (SEMA) with a single measurement, (ii) SEMA using averaging, and (iii) Multiple-Exponent Single-Data (MESD) with a single measurement of the secret scalar. It is extremely critical that in 30 TinyECC 2.0 configurations a single EM measurement of an ECC private key operation is sufficient to simply read out the secret scalar. MESD requires additional adversary capabilities and it affects all TinyECC 2.0 configurations, again with only a single measurement of the ECC private key operation. These findings give evidence that in security applications a configuration of TinyECC 2.0 should be chosen that withstands SEMA with a single measurement and, beyond that, an addition of appropriate randomizing countermeasures is necessary.