Practical Anonymous Attestation-based Pseudonym Schemes for Vehicular Networks
Title | Practical Anonymous Attestation-based Pseudonym Schemes for Vehicular Networks |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Desmoulins, Nicolas; Diop, Aïda; Rafflé, Yvan; Traoré, Jacques; Gratesac, Josselin |
Conference Name | 2019 IEEE Vehicular Networking Conference (VNC) |
Date Published | Dec. 2019 |
Publisher | IEEE |
ISBN Number | 978-1-7281-4571-6 |
Keywords | anonymous messaging, attestation, composability, direct anonymous attestation, Hardware, Human Behavior, Metrics, network accountability, privacy, Protocols, pubcrawl, resilience, Resiliency, security, Trusted Computing, Vehicles, vehicular ad hoc networks, Vehicular Communication Systems |
Abstract | Vehicular communication systems increase traffic efficiency and safety by allowing vehicles to share safety-related information and location-based services. Pseudonym schemes are the standard solutions providing driver/vehicle anonymity, whilst enforcing vehicle accountability in case of liability issues. State-of-the-art PKI-based pseudonym schemes present scalability issues, notably due to the centralized architecture of certificate-based solutions. The first Direct Anonymous Attestation (DAA)-based pseudonym scheme was introduced at VNC 2017, providing a decentralized approach to the pseudonym generation and update phases. The DAA-based construction leverages the properties of trusted computing, allowing vehicles to autonomously generate their own pseudonyms by using a (resource constrained) Trusted Hardware Module or Component (TC). This proposition however requires the TC to delegate part of the (heavy) pseudonym generation computations to the (more powerful) vehicle's On-Board Unit (OBU), introducing security and privacy issues in case the OBU becomes compromised. In this paper, we introduce a novel pseudonym scheme based on a variant of DAA, namely a pre-DAA-based pseudonym scheme. All secure computations in the pre-DAA pseudonym lifecycle are executed by the secure element, thus creating a secure enclave for pseudonym generation, update, and revocation. We instantiate vehicle-to-everything (V2X) with our pre-DAA solution, thus ensuring user anonymity and user-controlled traceability within the vehicular network. In addition, the pre-DAA-based construction transfers accountability from the vehicle to the user, thus complying with the many-to-many driver/vehicle relation. We demonstrate the efficiency of our solution with a prototype implementation on a standard Javacard (acting as a TC), showing that messages can be anonymously signed and verified in less than 50 ms. |
URL | https://ieeexplore.ieee.org/document/9062804 |
DOI | 10.1109/VNC48660.2019.9062804 |
Citation Key | desmoulins_practical_2019 |