TY - GEN
T1 - Protecting vehicular networks privacy in the presence of a single adversarial authority
AU - Chen, Chang Wu
AU - Chang, Sang Yoon
AU - Hu, Yih Chun
AU - Chen, Yen Wen
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/12/19
Y1 - 2017/12/19
N2 - In vehicular networks, each message is signed by the generating node to ensure accountability for the contents of that message. For privacy reasons, each vehicle uses a collection of certificates, which for accountability reasons are linked at a central authority. One such design is the Security Credential Management System (SCMS) [1], which is the leading credential management system in the US. The SCMS is composed of multiple components, each of which has a different task for key management, which are logically separated. The SCMS is designed to ensure privacy against a single insider compromise, or against outside adversaries. In this paper, we demonstrate that the current SCMS design fails to achieve its design goal, showing that a compromised authority can gain substantial information about certificate linkages. We propose a solution that accommodates threshold-based detection, but uses relabeling and noise to limit the information that can be learned from a single insider adversary. We also analyze our solution using techniques from differential privacy and validate it using traffic-simulator based experiments. Our results show that our proposed solution prevents privacy information leakage against the compromised authority in collusion with outsider attackers.
AB - In vehicular networks, each message is signed by the generating node to ensure accountability for the contents of that message. For privacy reasons, each vehicle uses a collection of certificates, which for accountability reasons are linked at a central authority. One such design is the Security Credential Management System (SCMS) [1], which is the leading credential management system in the US. The SCMS is composed of multiple components, each of which has a different task for key management, which are logically separated. The SCMS is designed to ensure privacy against a single insider compromise, or against outside adversaries. In this paper, we demonstrate that the current SCMS design fails to achieve its design goal, showing that a compromised authority can gain substantial information about certificate linkages. We propose a solution that accommodates threshold-based detection, but uses relabeling and noise to limit the information that can be learned from a single insider adversary. We also analyze our solution using techniques from differential privacy and validate it using traffic-simulator based experiments. Our results show that our proposed solution prevents privacy information leakage against the compromised authority in collusion with outsider attackers.
UR - http://www.scopus.com/inward/record.url?scp=85046552546&partnerID=8YFLogxK
U2 - 10.1109/CNS.2017.8228648
DO - 10.1109/CNS.2017.8228648
M3 - 會議論文篇章
AN - SCOPUS:85046552546
T3 - 2017 IEEE Conference on Communications and Network Security, CNS 2017
SP - 1
EP - 9
BT - 2017 IEEE Conference on Communications and Network Security, CNS 2017
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2017 IEEE Conference on Communications and Network Security, CNS 2017
Y2 - 9 October 2017 through 11 October 2017
ER -