Practical Anonymous Attestation-based Pseudonym Schemes for Vehicular Networks

Title: Practical Anonymous Attestation-based Pseudonym Schemes for Vehicular Networks
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Desmoulins, Nicolas; Diop, Aïda; Rafflé, Yvan; Traoré, Jacques; Gratesac, Josselin
Conference Name: 2019 IEEE Vehicular Networking Conference (VNC)
Date Published: Dec. 2019
Publisher: IEEE
ISBN Number: 978-1-7281-4571-6
Keywords: anonymous messaging, attestation, composability, direct anonymous attestation, Hardware, Human Behavior, Metrics, network accountability, privacy, Protocols, pubcrawl, resilience, Resiliency, security, Trusted Computing, Vehicles, vehicular ad hoc networks, Vehicular Communication Systems
Abstract

Vehicular communication systems increase traffic efficiency and safety by allowing vehicles to share safety-related information and location-based services. Pseudonym schemes are the standard solutions providing driver/vehicle anonymity, whilst enforcing vehicle accountability in case of liability issues. State-of-the-art PKI-based pseudonym schemes present scalability issues, notably due to the centralized architecture of certificate-based solutions. The first Direct Anonymous Attestation (DAA)-based pseudonym scheme was introduced at VNC 2017, providing a decentralized approach to the pseudonym generation and update phases. The DAA-based construction leverages the properties of trusted computing, allowing vehicles to autonomously generate their own pseudonyms by using a (resource constrained) Trusted Hardware Module or Component (TC). This proposition however requires the TC to delegate part of the (heavy) pseudonym generation computations to the (more powerful) vehicle's On-Board Unit (OBU), introducing security and privacy issues in case the OBU becomes compromised. In this paper, we introduce a novel pseudonym scheme based on a variant of DAA, namely a pre-DAA-based pseudonym scheme. All secure computations in the pre-DAA pseudonym lifecycle are executed by the secure element, thus creating a secure enclave for pseudonym generation, update, and revocation. We instantiate vehicle-to-everything (V2X) with our pre-DAA solution, thus ensuring user anonymity and user-controlled traceability within the vehicular network. In addition, the pre-DAA-based construction transfers accountability from the vehicle to the user, thus complying with the many-to-many driver/vehicle relation. We demonstrate the efficiency of our solution with a prototype implementation on a standard Javacard (acting as a TC), showing that messages can be anonymously signed and verified in less than 50 ms.

URL: https://ieeexplore.ieee.org/document/9062804
DOI: 10.1109/VNC48660.2019.9062804
Citation Key: desmoulins_practical_2019