SLIDE 1
KTH ROYAL INSTITUTE OF TECHNOLOGY
SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems
- M. Khodaei, H. Jin and P
SECMACE: Scalable and Robust Identity and Credential Management - - PowerPoint PPT Presentation
SECMACE: Scalable and Robust Identity and Credential Management - - PowerPoint PPT Presentation
KTH ROYAL INSTITUTE OF TECHNOLOGY SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems M. Khodaei, H. Jin and P . Papadimitratos Networked Systems Security Group (NSS) In IEEE
SLIDE 2
SLIDE 3
Vehicular Communication (VC) Systems
Figure: Photo Courtesy of the Car2Car Communication Consortium (C2C-CC) 3/42
SLIDE 4
Security and Privacy for VC Systems1
Basic Requirements
◮ Message authentication & integrity ◮ Message non-repudiation ◮ Access control ◮ Entity authentication ◮ Accountability ◮ Privacy protection
Vehicular Public-Key Infrastructure (VPKI)
◮ Pseudonymous authentication ◮ Trusted Third Party (TTP):
◮ Certification Authority (CA) ◮ Issues credentials & binds users to their pseudonyms 1P . Papadimitratos, et al. “Securing Vehicular Communications - Assumptions, Require- ments, and Principles,” in ESCAR, Berlin, Germany, pp. 5-14, Nov. 2006. P . Papadimitratos, et al. “Secure Vehicular Communication Systems: Design and Architec- ture,” in IEEE Communications Magazine, vol. 46, no. 11, pp. 100-109, Nov. 2008.
4/42
SLIDE 5
Security and Privacy for VC Systems (cont’d)
◮ Sign packets with the private key, corresponding to the current
valid pseudonym
◮ Verify packets with the valid pseudonym ◮ Cryptographic operations in a Hardware Security Module (HSM)
5/42
SLIDE 6
State-of-the-art Standardization and harmonization efforts
◮ IEEE 1609.2 [1], ETSI [2] and C2C-CC [3] ◮ VC related specifications for security and
privacy-preserving architectures Projects
◮ SEVECOM, EVITA, PRECIOSA, OVERSEE,
DRIVE-C2X, Safety Pilot, PRESERVE, CAMP-VSC3 Proposals
◮ V-Token, CoPRA, SCMS , SEROSA, PUCA
6/42
SLIDE 7
Outline Secure Vehicular Communication (VC) Systems Problem Statement System Model Security and Privacy Analysis Performance Evaluation Summary of Contributions and Future Steps
7/42
SLIDE 8
Problem Statement and Motivation The design of a VPKI
◮ Resilience ◮ Stronger adversarial model (than fully-trustworthy entities)
◮ User privacy protection against “honest-but-curious” entities ◮ User privacy enhancement and service unlinkability
(inference of service provider or time)
◮ Pseudonym acquistion policies
◮ How should each vehicle interact with the VPKI, e.g., how
frequently and for how long?
◮ Should each vehicle itself determine the pseudonym
lifetime?
◮ Operation across multiple domains, thus a scalable design ◮ Efficiency and robustness
8/42
SLIDE 9
Security and Privacy Requirements for the VPKI Protocols
◮ Authentication, communication integrity and confidentiality ◮ Authorization and access control ◮ Non-repudiation, accountability and eviction (revocation) ◮ Privacy
◮ Anonymity (conditional) ◮ Unlinkability
◮ Thwarting Sybil-based misbehavior ◮ Availability
9/42
SLIDE 10
Adversarial Model External adversaries Internal adversaries Stronger adversarial model
Protection against honest-but-curious VPKI entities
◮ Correct execution of protocols but motivated to profile users ◮ Concealing pseudonym provider identity and acquisition time, and
reducing pseudonyms linkability (inference based on time)
Multiple VPKI entities could collude 10/42
SLIDE 11
Outline Secure Vehicular Communication (VC) Systems Problem Statement System Model Security and Privacy Analysis Performance Evaluation Summary of Contributions and Future Steps
11/42
SLIDE 12
Secure VC System
◮
Root Certification Authority (RCA)
◮
Long Term CA (LTCA)
◮
Pseudonym CA (PCA)
◮
Resolution Authority (RA)
◮
Lightweight Directory Access Protocol (LDAP)
◮
Roadside Unit (RSU)
◮
Trust established with RCA, or through cross certification
RSU 3/4/5G
PCA LTCA PCA LTCA RCA PCA LTCA B A A certifies B Cross-certification Communication link Domain A Domain B Domain C RA RA RA B
X-Cetify
LDAP LDAP Message dissemination {Msg}(Piv),{Pi
v}(PCA)
{Msg}(Piv),{Pi
v}(PCA)
Figure: VPKI Overview 12/42
SLIDE 13
System Model
F-LTCA PCA H-LTCA RCA B A A certifies B Communication link Home Domain (A) Foreign Domain (B) LDAP PCA RA RA
- 1. LTC
- 2. n-tkt
- I. f-tkt req.
- II. f-tkt III. n-tkt
- 3. psnym req.
- 4. psnyms acquisition
- IV. psnym req.
- V. psnyms acquisition
Figure: VPKI Architecture 13/42
SLIDE 14
Pseudonym Acquisition Policies
User-controlled policy (P1) Oblivious policy (P2) Universally fixed policy (P3) ΓP3 ΓP3 ΓP3 System Time
Trip Duration
}
τP
}
τP
}
τP
}
τP
}
τP
}
τP
}
τP
}
τP
ΓP2 ΓP2
}
τP
}
τP
}
τP
}
τP
}
τP
}
τP
}
τP
}
τP
}
τP
}
τP
}
τP
Unused Pseudonyms
tstart
Expired Pseudonym
tend
◮ P1 & P2: Requests could act as user “fingerprints”; the exact time
- f requests and all subsequent requests until the end of trip could
14/42
SLIDE 15
Vehicle Registration and Long Term Certificate (LTC) Update
V H-LT CA
- 1. LKv, Lkv
- 2. (LKv)σLkv , N, t
- 3. Cert(LT Cltca, LKv)
- 4. LT Cv, N + 1, t
15/42
SLIDE 16
Ticket Acquisition Protocols
Protocol 1 Ticket Request (from the LTCA)
1: procedure REQTICKET(Px, ΓPx, ts, te, tdate) 2:
if Px = P1 then
3:
(ts, te) ← (ts, te)
4:
else if Px = P2 then
5:
(ts, te) ← (ts, ts + ΓP2)
6:
else if Px = P3 then
7:
(ts, te) ← (tdate + Γi
P3), tdate + Γi+1 P3 )
8:
end if
9:
ζ ← (Idtkt-req, H(IdPCARndtkt), ts, te)
10:
(ζ)σv ← Sign(Lkv, ζ)
11:
return ((ζ)σv , LTCv, N, tnow)
12: end procedure
◮
Run over Transport Layer Security (TLS) with mutual authentication
Protocol 2 Issuing a Ticket (by the LTCA)
1: procedure ISSUETICKET((msg)σv , LTCv, N, tnow) 2:
Verify(LTCv, (msg)σv )
3:
IKtkt ← H(LTCv||ts||te||RndIKtkt)
4:
ζ ← (SN, H(IdPCARndtkt), IKtkt, RndIKtkt, ts, te, Exptkt)
5:
(tkt)σltca ← Sign(Lkltca, ζ)
6:
return ((tkt)σltca, N + 1, tnow)
7: end procedure
◮
“ticket identifiable key” (IKtkt) binds a ticket to the corresponding LTC
◮
Preventing a compromised LTCA from mapping a different LTC during resolution process
16/42
SLIDE 17
Pseudonyms Acquisition Protocols
Protocol 3 Pseudonym Request (from the PCA)
1: procedure REQPSNYMS(ts, te, (tkt)σltca) 2:
for i:=1 to n do
3:
Begin
4:
Generate(K i
v, ki v)
5:
(K i
v)σki
v ← Sign(ki
v, K i v)
6:
End
7:
psnymReq ← (Idreq, Rndtkt, ts, te, (tkt)σltca, {(K 1
v )σk1
v , ..., (K n
v )σkn
v }, N, tnow)
8:
return psnymReq
9: end procedure
◮
Run over TLS with unidirectional (server-only) authentication
Protocol 4 Issuing Pseudonyms (by the PCA)
1: procedure ISSUEPSNYMS(psnymReq) 2:
psnymReq → (Idreq, Rndtkt, ts, te, (tkt)σltca, {(K 1
v )σk1
v , ..., (K n
v )σkn
v }, N, tnow)
3:
Verify(LTCltca, (tkt)σltca)
4:
H(Idthis-PCARndtkt) ? = H(IdPCARndtkt)
5:
[ts, te] ? = ([ts, te])tkt
6:
for i:=1 to n do
7:
Begin
8:
Verify(K i
v, (K i v)σki
v )
9:
IKPi ← H(IKtkt||K i
v||ti s||ti e||RndIK i
v)
10:
ζ ← (SNi, K i
v, IKPi, RndIK i
v , ti
s, ti e)
11:
(Pi
v)σpca ← Sign(Lkpca, ζ)
12:
End
13:
return ({(P1
v )σpca, . . . , (Pn v )σpca}, N+1, tnow)
14: end procedure
◮
“pseudonym identifiable key” (IKPi ) binds a pseudonym to the corresponding ticket
◮
Preventing a compromised PCA from mapping a different ticket during resolution process
17/42
SLIDE 18
Ticket and Pseudonym Acquisition
V H-LTCA PCA
- 1. H(PCAID Rnd256), ts, te, LT Cv, N, t
- 2. Cert(LT Cltca, tkt)
- 3. tkt, N + 1, t
- 4. tkt, Rnd256, ts′, te′, {(K1
v)σk1
v , ..., (Kn
v )σkn
v }, N ′, t
- 5. Cert(LT Cpca, P i
v)
- 6. {P 1
v , . . . , P n v }, N ′ + 1, t
18/42
SLIDE 19
Roaming User: Foreign Ticket Authentication
V LDAP H-LT CA
- 1. LDAP Req.
2.LDAP Search
- 3. LDAP Res.
- 4. H(F-LT CAID Rnd256), ts, te, LT Cv, N, t
- 5. Cert(LT Cltca, f-tkt)
- 6. f-tkt, N + 1, t
19/42
SLIDE 20
Native Ticket and Pseudonym Acquisition in the Foreign Domain
V F-LT CA PCA
- 1. f-tkt, H(PCAID||Rnd′
256), Rnd256, N, t
2.Cert(LT Cltca, n-tkt)
- 3. n-tkt, N + 1, t
- 4. n-tkt, Rnd′
256, ts′, te′, {(K1 v)σk1
v , ..., (Kn
v )σkn
v }, N ′, t
- 5. Cert(LT Cpca, P i
v)
- 6. {P 1
v , . . . , P n v }, N ′ + 1, t
20/42
SLIDE 21
Pseudonym Revocation and Resolution
RA PCA LT CA
- 1. Pi, N, t
2.Update CRL
- 3. tkt, N + 1, t
4.SNtkt, N ′, t 5.Resolve LT Cv 6.LT Cv, N ′ + 1, t
21/42
SLIDE 22
Outline Secure Vehicular Communication (VC) Systems Problem Statement System Model Security and Privacy Analysis Performance Evaluation Summary of Contributions and Future Steps
22/42
SLIDE 23
Security and Privacy Analysis
◮ Communication integrity, confidentiality, and non-repudiation
◮ Certificates, TLS and digital signatures
◮ Authentication, authorization and access control
◮ LTCA is the policy decision and enforcement point ◮ PCA grants the service ◮ Security association discovery through LDAP
◮ Concealing PCAs, F-LTCA, actual pseudonym acquisition period
◮ Sending H(PCAid Rnd256), ts, te, LTCv to the H-LTCA ◮ PCA verifies if [t′ s, t′ e] ⊆ [ts, te]
◮ Thwarting Sybil-based misbehavior
◮ LTCA never issues valid tickets with overlapping lifetime (for a given
domain)
◮ A ticket is bound to a specific PCA ◮ PCA keeps records of ticket usage
23/42
SLIDE 24
Linkability based
- n
Timing Information
- f Credentials
5 10 15 20 25 30 35 40 45 50 55 60 System Time [min.] 1 2 3 4 5 6 7 8 9 10
τP= 5 min.
5 10 15 20 25 30 35 40 45 50 55 60 System Time [min.] 1 2 3 4 5 6 7 8 9 10
τP= 5 min., ΓP2= 15min.
5 10 15 20 25 30 35 40 45 50 55 60 System Time [min.] 1 2 3 4 5 6 7 8 9 10
τP= 5 min., ΓP3= 15min.
(a) P1: User-controlled policy (b) P2: Oblivious policy (c) P3: Universally fixed policy
◮ Non-overlapping pseudonym lifetimes from eavesdroppers’ perspective ◮ P1 & P2: Distinct lifetimes per vehicle make linkability easier (requests/pseudonyms could act as user ‘fingerprints’) ◮ P3: Uniform pseudonym lifetime results in no distinction
24/42
SLIDE 25
Outline Secure Vehicular Communication (VC) Systems Problem Statement System Model Security and Privacy Analysis Performance Evaluation Summary of Contributions and Future Steps
25/42
SLIDE 26
Experimental Setup
◮ VPKI testbed
◮ Implementation in C++ ◮ OpenSSL: TLS and Elliptic Curve Digital Signature Algorithm (ECDSA)-256 according to the standard [1]
◮ Network connectivity
◮ Varies depending on the actual OBU-VPKI connectivity ◮ Reliable connectivity to the VPKI (e.g., RSU, Cellular, opportunistic WiFi)
Table: Servers and Clients Specifications
LTCA PCA RA Clients VM Number 2 5 1 25 Dual-core CPU (Ghz) 2.0 2.0 2.0 2.0 BogoMips 4000 4000 4000 4000 Memory 2GB 2GB 1GB 1GB Database MySQL MySQL MySQL MySQL Web Server Apache Apache Apache
- Load Balancer
Apache Apache
- Emulated Threads
- 400
◮ Use cases
◮ Pseudonym provision ◮ Performing a DDoS attack
26/42
SLIDE 27
Experimental Setup (cont’d)
Table: Mobility Traces Information
TAPASCologne LuST [5] Number of vehicles 75,576 138,259 Number of trips 75,576 287,939 Duration of snapshot (hour) 24 24 Available duration of snapshot (hour) 2 (6-8 AM) 24 Average trip duration (sec.) 590.49 692.81 Total trip duration (sec.) 44,655,579 102,766,924
◮ Main metric
◮ End-to-end pseudonym
acquisition latency from the initialization of ticket acquisition protocol till successful completion of pseudonym acquisition protocol
Table: Servers & Clients Specifications
LTCA PCA Client Number of entities 1 1 1 Dual-core CPU (Ghz) 2.0 2.0 2.0 BogoMips 4000 4000 4000 Memory 2GB 2GB 1GB Database MySQL MySQL MySQL
◮ N.B. PRESERVE Nexcom boxes specs: dual-core 1.66 GHz, 2GB Memory
27/42
SLIDE 28
End-to-end Latency for P1, P2, and P3
Choice of parameters: ◮ Frequency of interaction and volume
- f workload to a PCA
◮ Γ=5 min., τP=0.5 min., 5 min. LuST dataset (τP = 0.5 min): ◮ P1: Fx(t = 167 ms) = 0.99 ◮ P2: Fx(t = 80 ms) = 0.99 ◮ P3: Fx(t = 74 ms) = 0.99
(P1) (P2) (P3)
TAPASCologne dataset LuST dataset
20 40 60 80 100 120
System Time [min.]
20 40 60 80 100 120 140
End-to-End Latency [ms] User-controlled Policy (P1): 1 LTCA and 1 PCA
τP= 0.5 min. τP= 5 min.
200 400 600 800 1000 1200 1400
System Time [min.]
20 40 60 80 100 120 140
End-to-End Latency [ms] User-controlled Policy (P1): 1 LTCA and 1 PCA
τP= 0.5 min. τP= 5 min.
20 40 60 80 100 120
System Time [min.]
20 40 60 80 100 120 140
End-to-End Latency [ms] Oblivious Policy (P2): 1 LTCA and 1 PCA
τP= 0.5 min. τP= 5 min.
200 400 600 800 1000 1200 1400
System Time [min.]
20 40 60 80 100 120 140
End-to-End Latency [ms] Oblivious Policy (P2): 1 LTCA and 1 PCA
τP= 0.5 min. τP= 5 min.
20 40 60 80 100 120
System Time [min.]
20 40 60 80 100 120 140
End-to-End Latency [ms] Universally Fixed Policy (P3): 1 LTCA and 1 PCA
τP= 0.5 min. τP= 5 min.
200 400 600 800 1000 1200 1400
System Time [min.]
20 40 60 80 100 120 140
End-to-End Latency [ms] Universally Fixed Policy (P3): 1 LTCA and 1 PCA
τP= 0.5 min. τP= 5 min.
28/42
SLIDE 29
Latency Comparison for Different Policies
1 2 3 4 5 6 7 8 9 10
Pseudonym Lifetime [min.]
10 20 30 40 50 60 70 80
Average End-to-End Latency [ms]
Average End-to-End Latency Comparison of P1, P2 and P3
P1 P2 (ΓP2= 10 min.) P3 (ΓP3= 10 min.)
Figure: End-to-end latency comparison for different policies (Tapas Dataset) 29/42
SLIDE 30
Pseudonym Utilization, LuST Dataset for P2 & P3
200 400 600 800 1000 1200
Pseudonym Lifetime [sec.]
5 10 15 20
Average Number of Unused Pseudonyms Pseudonym Utilization with Oblivious Policy (P2)
ΓP2= 5 min. ΓP2= 10 min. ΓP2= 15 min. ΓP2= 20 min.
200 400 600 800 1000 1200
Pseudonym Lifetime [sec.]
5 10 15 20
Average Number of Unused Pseudonyms Pseudonym Utilization with Universally Fixed Policy (P3)
ΓP3= 5 min. ΓP3= 10 min. ΓP3= 15 min. ΓP3= 20 min. P2: Oblivious Policy P3: Universally Fixed Policy
30/42
SLIDE 31
The VPKI Servers under a DDoS Attack
200 400 600 800 1000 Faked Requests [per sec.] 50 100 150 200 250 300 350 400 Overhead [ms]
The VPKI Servers under a DDoS Attack: 1 LTCA and 1 PCA
No countermeasure With countermeasure (L=5)
Figure: Overhead to obtain pseudonyms, LuST dataset with P1 (τP = 5 min.) 31/42
SLIDE 32
Performance Evaluation for Ticket and Pseudonym Acquisition
50 100 150 200 250 300
Processing Delay [ms]
0.00 0.20 0.40 0.60 0.80 0.95 1.00
Cumulative Probability LTCA Server Performance: LuST Dataset
1 2 3 4 0.00 0.20 0.40 0.60 0.80 0.95
50 100 150 200
Processing Delay [ms]
0.0 0.2 0.4 0.6 0.8 1.0
Cumulative Probability PCA Server Performance: LuST Dataset
τP= 1 min τP= 3 min τP= 5 min 10 20 30 40 50 0.00 0.20 0.40 0.60 0.80 0.95 Obtaining a Certificate Revocation List (CRL) Online Certificate Status Protocol (OCSP) validation
◮ Ticket Acquisition: Fx(t=4ms)=0.95 or Pr{t≤4ms}=0.95. ◮ Pseudonym Acquisition: Fx(t=52ms)=0.95 or
Pr{t≤52}=0.95. 32/42
SLIDE 33
Performance Evaluation for Pseudonym Revoca- tion (CRL or OCSP)
0.0 0.2 0.4 0.6 0.8 1.0 1.2 1.4 1.6 1.8
End-to-End Latency [sec.]
0.00 0.20 0.40 0.60 0.80 0.95 1.00
Cumulative Probability Obtaining CRL from a PCA: LuST dataset
10K revoked pseudonyms 25K revoked pseudonyms 50K revoked pseudonyms 100K revoked pseudonyms
200 400 600 800 1000 1200 1400
System Time [min.]
10 20 30 40 50 60 70 80
End-to-End Latency [ms] OCSP Validation with 1 PCA: LuST dataset
1 pseudonym per request 100 pseudonyms per request 500 pseudonyms per request Obtaining a CRL OCSP validation
33/42
SLIDE 34
Entities Response Time to Resolve & Revoke a Pseudonym
0.01 0.05 0.1 0.5 1 5 Number of Pseudonyms in the PCA Database (×106)
50 100 150 200
End-to-End Latency [ms]
Resolution & Revocation in a Single Domain Client Side Operations All RA Operations All PCA Operations All LTCA Operations 0.01 0.05 0.1 0.5 1 5
Number of Pseudonyms in the PCA Database (×106)
50 100 150 200
End-to-End Latency [ms]
Resolution & Revocation Across Domains
Client Side Operations All RA Operations All PCA Operations All LTCA Operations All Cross Domain Operations
Single Domain Operation Across Domains Operation
◮ On average 100 ms to resolve & revoke a pseudonym
34/42
SLIDE 35
Comparison with Other Implementations
Table: Latency for issuing 100 pseudonyms (without communication delay) DelayPCA CPUPCA VeSPA [6] 817 ms 3.4 GHz SEROSA [7] 650 ms 2.0 GHz PUCA [8] 1000 ms 2.53 GHz PRESERVE PKI (Fraunhofer SIT) [9] ≈ 4000 ms N/A C2C-CC PKI (ESCRYPT) [3] 393 ms N/A SECMACE 260 ms 2.0 GHz 35/42
SLIDE 36
Outline Secure Vehicular Communication (VC) Systems Problem Statement System Model Security and Privacy Analysis Performance Evaluation Summary of Contributions and Future Steps
36/42
SLIDE 37
Summary of Contributions
- 1. Facilitating multi-domain operation
- 2. Offering increased user privacy protection
◮ Honest-but-curious system entities ◮ Eliminating pseudonym linking based on timing information
- 3. Eradication of Sybil-based misbehavior
- 4. Proposing multiple generally applicable pseudonym
acquisition policies
- 5. Detailed analysis of security and privacy protocols
- 6. Extensive experimental evaluation
◮ Efficiency, scalability, and robustness ◮ Achieving significant performance improvement ◮ Modest VMs can serve sizable areas or domain
37/42
SLIDE 38
Future Steps VPKI enhancements
◮ Evaluation of the level of privacy, i.e., unlinkability, based on
the timing information of the pseudonyms for each policy
◮ Evaluation of actual networking latency, e.g., OBU-RSU ◮ Rigorous analysis of the security and privacy protocols
Efficient distribution of revocation information
◮ How to disseminate pseudonyms validity information
without interfering with vehicles operations? 38/42
SLIDE 39
Bibliography I
[1] “IEEE Standard for Wireless Access in Vehicular Environments - Security Services for Applications and Management Messages,” IEEE Std 1609.2-2016 (Revision of IEEE Std 1609.2-2013), Mar. 2016. [2]
- T. ETSI, “ETSI TS 103 097 v1. 1.1-Intelligent Transport Systems (ITS); Security; Security Header and
Certificate Formats, Standard, TC ITS,” Apr. 2013. [3] Car-to-Car Communication Consortium (C2C-CC), June 2013. [Online]. Available: http://www.car-2-car.org/ [4]
- W. Whyte, A. Weimerskirch, V. Kumar, and T. Hehn, “A Security Credential Management System for
V2V Communications,” in IEEE VNC, Boston, MA, pp. 1–8, Dec. 2013. [5]
- L. Codeca, R. Frank, and T. Engel, “Luxembourg Sumo Traffic (LuST) Scenario: 24 Hours of Mobility
for Vehicular Networking Research,” in IEEE VNC, Kyoto, Japan, pp. 1–8, Dec. 2015.
39/42
SLIDE 40
Bibliography II
[6]
- N. Alexiou, M. Laganà, S. Gisdakis, M. Khodaei, and P
. Papadimitratos, “VeSPA: Vehicular Security and Privacy-preserving Architecture,” in Proceedings of the 2nd ACM workshop on Hot topics on wireless network security and privacy, Budapest, Hungary, pp. 19–24, Apr. 2013. [7]
- S. Gisdakis, M. Laganà, T. Giannetsos, and P
. Papadimitratos, “SEROSA: SERvice Oriented Security Architecture for Vehicular Communications,” in IEEE VNC, Boston, MA, USA, Dec. 2013. [8]
- D. Förster, H. Löhr, and F. Kargl, “PUCA: A Pseudonym Scheme with User-Controlled Anonymity for
Vehicular Ad-Hoc Networks (VANET),” in IEEE VNC, Paderborn, Germany, Dec. 2014. [9] “Preparing Secure Vehicle-to-X Communication Systems - PRESERVE.” [Online]. Available: http://www.preserve-project.eu/ [10]
- M. Khodaei, “Secure Vehicular Communication Systems: Design and Implementation of a Vehicular
PKI (VPKI),” Master’s thesis, Lab of Communication Networks (LCN), KTH University, Oct. 2012.
40/42
SLIDE 41
Bibliography III
[11]
- M. Khodaei, H. Jin, and P
. Papadimitratos, “Towards Deploying a Scalable & Robust Vehicular Identity and Credential Management Infrastructure,” in IEEE Vehicular Networking Conference (VNC), Paderborn, Germany, pp. 33–40, Dec. 2014. [12]
- M. Khodaei and P
. Papadimitratos, “The Key to Intelligent Transportation: Identity and Credential Management in Vehicular Communication Systems,” IEEE VT Magazine, vol. 10, no. 4, pp. 63–69,
- Dec. 2015.
[13] ——, “Evaluating On-demand Pseudonym Acquisition Policies in Vehicular Communication Systems,” in Proceedings of the First International Workshop on Internet of Vehicles and Vehicles of Internet, Paderborn, Germany, pp. 7–12, July 2016.
41/42
SLIDE 42
SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems
- M. Khodaei, H.Jin, and P