SlideShare ist ein Scribd-Unternehmen logo

Binary Hash Tree based Certificate Access Management for Connected Vehicles (BCAM)

OnBoard Security, Inc. - a Qualcomm Company
OnBoard Security, Inc. - a Qualcomm Company

Presentation given at WiSec 2017 by Dr. Virendra Kumar. His, along with Drs. Jonathan Petit and William Whyte's, paper was one of six to receive the reproducibility label.

Technologie
1 von 22
Downloaden Sie, um offline zu lesen
Binary Hash Tree based Certificate Access Management for Connected Vehicles (BCAM) Virendra Kumar, Jonathan Petit, William Whyte
Background
source: nhtsa.gov 3
source: gpo.gov 4
V2V Communications Security Basic Safety Message Basic Safety Message Basic Safety Message Basic Safety Message 5
The Big Dilemma Lifetime Supply Who pays for 2-way connectivity? What happens if the vehicle is hacked? 6
Current Certificate Model 3 years’ worth 3 years’ worth RA 7
BCAM Proposal
Encrypted Batches of Certificates 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 … n 9
Periodic Key Updates i i 10
Compression using Binary Hash Trees 10 0100 10 11 000 001 010 011 100 101 110 111 seed 0 1 2 3 4 5 6 7 11
Day 1: No Revocation 10 0100 10 11 000 001 010 011 100 101 110 111 seed 0 1 2 3 4 5 6 7 Published node Derived node 12
Day 2: Vehicles 2, 4, 5 Revoked 10 0100 10 11 000 001 010 011 100 101 110 111 seed 0 1 2 3 4 5 6 7 Published node Derived node Revoked node 13
Pathological: Every Other Vehicle Revoked 10 0100 10 11 000 001 010 011 100 101 110 111 seed 0 1 2 3 4 5 6 7 Published node Derived node Revoked node 14
Binary Tree Encoding Encoding Size Decoding Time Unique index of each published node r * log2(n/r) * (log2(n) + 1) number of published nodes Same as searching Unique index of each revoked leaf node r * log2(n) No efficient algorithm known n: number of leaf-nodes, r: number of revoked vehicles, 1 ≤ r ≤ n/2 Can we get the best of both worlds? 15
A New Algorithm for Full Binary Trees Observations: 1. Topology known, only need to know which nodes are published and which are omitted. 2. Subtree of a published node can be ignored without any loss of information. Encoding: 1. Start from root with an empty string. 2. Do breadth-first traversal. 1. Append 0 for revoked node. 2. Append 1 for published node. 3. Do nothing for derived node. 0 0 0 1 0 0 1 0 1 0 0 0 00 1001 0100Encoded string: Disclaimer: Authors are not aware of any prior art with equivalent encoding sizes and decoding times. 1 2 3 Published nodes: 00, 11, 011 16
A New Algorithm for Full Binary Trees Contd. Decoding: 1. Start from root and process 1 level at a time. 2. At every level, look at the bit of interest 1. If 0, go to next level. 2. If 1, output the number of 1s so far, and stop. Example (vehicle 3  011): Disclaimer: Authors are not aware of any prior art with equivalent encoding sizes and decoding times. Encoding: 0 00 1001 0100 Bits at a level: # bits before bit of interest: 0 # bits after bit of interest: 0 Rules for going to next level: 1. # bits before = 2 * (# 0s in bits before bit of interest) 2. Add 1 to (# bits before), if next bit of vehicle ID is 1. 3. # bits after = 2 * (# 0s in bits after bit of interest) 4. Add 1 to (# bits after), if next bit of vehicle ID is 0. bit of interest Vehicle ID bit Bits at a level: # bits before bit of interest: 0 # bits after bit of interest: 1 Bits at a level: # bits before bit of interest: 1 # bits after bit of interest: 2 Bits at a level: # bits before bit of interest: 1 # bits after bit of interest: 2 3 1 2 3 17
Efficiency of Encoding Algorithm  Encoding size – # published nodes ≈ # revoked nodes, i.e. encoding has roughly the same number of 0s and 1s. – Size ≈ 2*r*log2(n/r) – For n=240, r=1,000, encoding takes less than 1% of the full packet, i.e. about 20 times smaller than using unique index of each published node.  Decoding time – Breadth-first but queue size ≤ r. – For n=240, r=10,000, a consumer laptop (2.7 GHz Intel Core i7, 16GB RAM) takes less than 3 milliseconds on average. 18 n: number of leaf-nodes, r: number of revoked vehicles, 1 ≤ r ≤ n/2
“Not all compromises are created equal.” Software Compromise Hardware Compromise Can be easily replicated and spread quickly Most likely require specialized hardware Can be easily fixed by over-the-air updates Most likely need to replace the hardware Attack can be distributed over the Internet requiring less effort and resources Most likely require lot of effort and resources 19
“So, we treat them differently.”  Software compromise  “soft revocation list” 0 1 2 3 4 5 6 7 8 9 …  A compromised vehicle is put on the SRL first, by flipping its bit.  If the vehicle on SRL continues to misbehave, it is “hard” revoked via binary tree approach. 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 …1 1 1 20
Conclusion  Positives – No need of bidirectional connectivity for certificate download – Revocation enforced at sender  Soft/hard revocation prevent sender from sending valid messages  Receivers don’t need to store revocation information  Scales naturally, can handle a much higher rate of revocation than current system – Vehicles can be unrevoked  Vehicles revoked in error  Vehicles whose issues have been addressed  Negatives – Less agile – Longer CA lifetimes Our belief is that positives outweigh the negatives. We hope you feel the same.  21 positives
Thank you! 22

Empfohlen

Garbled Circuits for Secure Credential Management Services
Garbled Circuits for Secure Credential Management ServicesGarbled Circuits for Secure Credential Management Services
Garbled Circuits for Secure Credential Management ServicesOnBoard Security, Inc. - a Qualcomm Company
 
Quantum Safety in Certified Cryptographic Modules
Quantum Safety in Certified Cryptographic ModulesQuantum Safety in Certified Cryptographic Modules
Quantum Safety in Certified Cryptographic ModulesOnBoard Security, Inc. - a Qualcomm Company
 
IEEE 1609.2 and Connected Vehicle Security: Standards Making in a Pocket Univ...
IEEE 1609.2 and Connected Vehicle Security: Standards Making in a Pocket Univ...IEEE 1609.2 and Connected Vehicle Security: Standards Making in a Pocket Univ...
IEEE 1609.2 and Connected Vehicle Security: Standards Making in a Pocket Univ...OnBoard Security, Inc. - a Qualcomm Company
 
Connected Cars: What Could Possibly Go Wrong
Connected Cars: What Could Possibly Go WrongConnected Cars: What Could Possibly Go Wrong
Connected Cars: What Could Possibly Go WrongOnBoard Security, Inc. - a Qualcomm Company
 
Locking Down and Re-Using V2X Security - Lessons for Smart Cities
Locking Down and Re-Using V2X Security - Lessons for Smart CitiesLocking Down and Re-Using V2X Security - Lessons for Smart Cities
Locking Down and Re-Using V2X Security - Lessons for Smart CitiesOnBoard Security, Inc. - a Qualcomm Company
 
Misbehavior Handling Throughout the V2V System Lifecycle
Misbehavior Handling Throughout the V2V System LifecycleMisbehavior Handling Throughout the V2V System Lifecycle
Misbehavior Handling Throughout the V2V System LifecycleOnBoard Security, Inc. - a Qualcomm Company
 
Certificate Management Protocols for 1609.2 Certificates
Certificate Management Protocols for 1609.2 CertificatesCertificate Management Protocols for 1609.2 Certificates
Certificate Management Protocols for 1609.2 CertificatesOnBoard Security, Inc. - a Qualcomm Company
 
Secure Drone-to-X Communication - AUVSI XPONENTIAL 2018
Secure Drone-to-X Communication - AUVSI XPONENTIAL 2018 Secure Drone-to-X Communication - AUVSI XPONENTIAL 2018
Secure Drone-to-X Communication - AUVSI XPONENTIAL 2018 OnBoard Security, Inc. - a Qualcomm Company
 

Empfohlen

Garbled Circuits for Secure Credential Management Services
Garbled Circuits for Secure Credential Management ServicesGarbled Circuits for Secure Credential Management Services
Garbled Circuits for Secure Credential Management ServicesOnBoard Security, Inc. - a Qualcomm Company
 
Quantum Safety in Certified Cryptographic Modules
Quantum Safety in Certified Cryptographic ModulesQuantum Safety in Certified Cryptographic Modules
Quantum Safety in Certified Cryptographic ModulesOnBoard Security, Inc. - a Qualcomm Company
 
IEEE 1609.2 and Connected Vehicle Security: Standards Making in a Pocket Univ...
IEEE 1609.2 and Connected Vehicle Security: Standards Making in a Pocket Univ...IEEE 1609.2 and Connected Vehicle Security: Standards Making in a Pocket Univ...
IEEE 1609.2 and Connected Vehicle Security: Standards Making in a Pocket Univ...OnBoard Security, Inc. - a Qualcomm Company
 
Connected Cars: What Could Possibly Go Wrong
Connected Cars: What Could Possibly Go WrongConnected Cars: What Could Possibly Go Wrong
Connected Cars: What Could Possibly Go WrongOnBoard Security, Inc. - a Qualcomm Company
 
Locking Down and Re-Using V2X Security - Lessons for Smart Cities
Locking Down and Re-Using V2X Security - Lessons for Smart CitiesLocking Down and Re-Using V2X Security - Lessons for Smart Cities
Locking Down and Re-Using V2X Security - Lessons for Smart CitiesOnBoard Security, Inc. - a Qualcomm Company
 
Misbehavior Handling Throughout the V2V System Lifecycle
Misbehavior Handling Throughout the V2V System LifecycleMisbehavior Handling Throughout the V2V System Lifecycle
Misbehavior Handling Throughout the V2V System LifecycleOnBoard Security, Inc. - a Qualcomm Company
 
Certificate Management Protocols for 1609.2 Certificates
Certificate Management Protocols for 1609.2 CertificatesCertificate Management Protocols for 1609.2 Certificates
Certificate Management Protocols for 1609.2 CertificatesOnBoard Security, Inc. - a Qualcomm Company
 
Secure Drone-to-X Communication - AUVSI XPONENTIAL 2018
Secure Drone-to-X Communication - AUVSI XPONENTIAL 2018 Secure Drone-to-X Communication - AUVSI XPONENTIAL 2018
Secure Drone-to-X Communication - AUVSI XPONENTIAL 2018 OnBoard Security, Inc. - a Qualcomm Company
 
Transforming Security: Containers, Virtualization and Softwarization
Transforming Security: Containers, Virtualization and SoftwarizationTransforming Security: Containers, Virtualization and Softwarization
Transforming Security: Containers, Virtualization and SoftwarizationPriyanka Aash
 
Guillou-quisquater protocol for user authentication based on zero knowledge p...
Guillou-quisquater protocol for user authentication based on zero knowledge p...Guillou-quisquater protocol for user authentication based on zero knowledge p...
Guillou-quisquater protocol for user authentication based on zero knowledge p...TELKOMNIKA JOURNAL
 
IRJET- Enhancing Network Security by Modified Secure Dynamic Path Identifiers
IRJET- Enhancing Network Security by Modified Secure Dynamic Path IdentifiersIRJET- Enhancing Network Security by Modified Secure Dynamic Path Identifiers
IRJET- Enhancing Network Security by Modified Secure Dynamic Path IdentifiersIRJET Journal
 
A NEW GENERATION OF DRIVER ASSISTANCE AND SECURITY
A NEW GENERATION OF DRIVER ASSISTANCE AND SECURITYA NEW GENERATION OF DRIVER ASSISTANCE AND SECURITY
A NEW GENERATION OF DRIVER ASSISTANCE AND SECURITYIJCI JOURNAL
 
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security Radware
 
Antony's Final Draft v7
Antony's Final Draft v7Antony's Final Draft v7
Antony's Final Draft v7Antony Law
 
An Encryption Algorithm To Evaluate Performance Of V2v Communication In Vanet
An Encryption Algorithm To Evaluate Performance Of V2v Communication In VanetAn Encryption Algorithm To Evaluate Performance Of V2v Communication In Vanet
An Encryption Algorithm To Evaluate Performance Of V2v Communication In Vanetijcisjournal
 
SDN Security: Two Sides of the Same Coin
SDN Security: Two Sides of the Same CoinSDN Security: Two Sides of the Same Coin
SDN Security: Two Sides of the Same CoinZivaro Inc
 
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...Open Networking Perú (Opennetsoft)
 
An Identity-Based Mutual Authentication with Key Agreement
An Identity-Based Mutual Authentication with Key AgreementAn Identity-Based Mutual Authentication with Key Agreement
An Identity-Based Mutual Authentication with Key Agreementijtsrd
 
OWASP Brisbane - SDN Security
OWASP Brisbane - SDN SecurityOWASP Brisbane - SDN Security
OWASP Brisbane - SDN SecurityDavid Jorm
 
IRJET- Secure Kerberos System in Distributed Environment
IRJET- Secure Kerberos System in Distributed EnvironmentIRJET- Secure Kerberos System in Distributed Environment
IRJET- Secure Kerberos System in Distributed EnvironmentIRJET Journal
 
IS Unit 7_Network Security
IS Unit 7_Network SecurityIS Unit 7_Network Security
IS Unit 7_Network SecuritySarthak Patel
 
A look at current cyberattacks in Ukraine
A look at current cyberattacks in UkraineA look at current cyberattacks in Ukraine
A look at current cyberattacks in UkraineKaspersky
 
iot hacking, smartlockpick
iot hacking, smartlockpick iot hacking, smartlockpick
iot hacking, smartlockpickidsecconf
 
44CON & Ruxcon: SDN security
44CON & Ruxcon: SDN security44CON & Ruxcon: SDN security
44CON & Ruxcon: SDN securityDavid Jorm
 
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...Mahmud Hossain
 
Eliminating Inter-Domain Vulnerabilities in Cyber-Physical Systems: An Analys...
Eliminating Inter-Domain Vulnerabilities in Cyber-Physical Systems: An Analys...Eliminating Inter-Domain Vulnerabilities in Cyber-Physical Systems: An Analys...
Eliminating Inter-Domain Vulnerabilities in Cyber-Physical Systems: An Analys...Ivan Ruchkin
 
Tools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade FinalTools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade FinalPriyanka Aash
 
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....Shah Sheikh
 
Link layer, checksum, ethenet.pptx
Link layer, checksum, ethenet.pptxLink layer, checksum, ethenet.pptx
Link layer, checksum, ethenet.pptxMeenalochini M
 
Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158Editor IJARCET
 

Weitere ähnliche Inhalte

Was ist angesagt?

Transforming Security: Containers, Virtualization and Softwarization
Transforming Security: Containers, Virtualization and SoftwarizationTransforming Security: Containers, Virtualization and Softwarization
Transforming Security: Containers, Virtualization and SoftwarizationPriyanka Aash
 
Guillou-quisquater protocol for user authentication based on zero knowledge p...
Guillou-quisquater protocol for user authentication based on zero knowledge p...Guillou-quisquater protocol for user authentication based on zero knowledge p...
Guillou-quisquater protocol for user authentication based on zero knowledge p...TELKOMNIKA JOURNAL
 
IRJET- Enhancing Network Security by Modified Secure Dynamic Path Identifiers
IRJET- Enhancing Network Security by Modified Secure Dynamic Path IdentifiersIRJET- Enhancing Network Security by Modified Secure Dynamic Path Identifiers
IRJET- Enhancing Network Security by Modified Secure Dynamic Path IdentifiersIRJET Journal
 
A NEW GENERATION OF DRIVER ASSISTANCE AND SECURITY
A NEW GENERATION OF DRIVER ASSISTANCE AND SECURITYA NEW GENERATION OF DRIVER ASSISTANCE AND SECURITY
A NEW GENERATION OF DRIVER ASSISTANCE AND SECURITYIJCI JOURNAL
 
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security Radware
 
Antony's Final Draft v7
Antony's Final Draft v7Antony's Final Draft v7
Antony's Final Draft v7Antony Law
 
An Encryption Algorithm To Evaluate Performance Of V2v Communication In Vanet
An Encryption Algorithm To Evaluate Performance Of V2v Communication In VanetAn Encryption Algorithm To Evaluate Performance Of V2v Communication In Vanet
An Encryption Algorithm To Evaluate Performance Of V2v Communication In Vanetijcisjournal
 
SDN Security: Two Sides of the Same Coin
SDN Security: Two Sides of the Same CoinSDN Security: Two Sides of the Same Coin
SDN Security: Two Sides of the Same CoinZivaro Inc
 
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...Open Networking Perú (Opennetsoft)
 
An Identity-Based Mutual Authentication with Key Agreement
An Identity-Based Mutual Authentication with Key AgreementAn Identity-Based Mutual Authentication with Key Agreement
An Identity-Based Mutual Authentication with Key Agreementijtsrd
 
OWASP Brisbane - SDN Security
OWASP Brisbane - SDN SecurityOWASP Brisbane - SDN Security
OWASP Brisbane - SDN SecurityDavid Jorm
 
IRJET- Secure Kerberos System in Distributed Environment
IRJET- Secure Kerberos System in Distributed EnvironmentIRJET- Secure Kerberos System in Distributed Environment
IRJET- Secure Kerberos System in Distributed EnvironmentIRJET Journal
 
IS Unit 7_Network Security
IS Unit 7_Network SecurityIS Unit 7_Network Security
IS Unit 7_Network SecuritySarthak Patel
 
A look at current cyberattacks in Ukraine
A look at current cyberattacks in UkraineA look at current cyberattacks in Ukraine
A look at current cyberattacks in UkraineKaspersky
 
iot hacking, smartlockpick
iot hacking, smartlockpick iot hacking, smartlockpick
iot hacking, smartlockpickidsecconf
 
44CON & Ruxcon: SDN security
44CON & Ruxcon: SDN security44CON & Ruxcon: SDN security
44CON & Ruxcon: SDN securityDavid Jorm
 
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...Mahmud Hossain
 
Eliminating Inter-Domain Vulnerabilities in Cyber-Physical Systems: An Analys...
Eliminating Inter-Domain Vulnerabilities in Cyber-Physical Systems: An Analys...Eliminating Inter-Domain Vulnerabilities in Cyber-Physical Systems: An Analys...
Eliminating Inter-Domain Vulnerabilities in Cyber-Physical Systems: An Analys...Ivan Ruchkin
 
Tools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade FinalTools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade FinalPriyanka Aash
 
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....Shah Sheikh
 

Was ist angesagt? (20)

Transforming Security: Containers, Virtualization and Softwarization
Transforming Security: Containers, Virtualization and SoftwarizationTransforming Security: Containers, Virtualization and Softwarization
Transforming Security: Containers, Virtualization and Softwarization
 
Guillou-quisquater protocol for user authentication based on zero knowledge p...
Guillou-quisquater protocol for user authentication based on zero knowledge p...Guillou-quisquater protocol for user authentication based on zero knowledge p...
Guillou-quisquater protocol for user authentication based on zero knowledge p...
 
IRJET- Enhancing Network Security by Modified Secure Dynamic Path Identifiers
IRJET- Enhancing Network Security by Modified Secure Dynamic Path IdentifiersIRJET- Enhancing Network Security by Modified Secure Dynamic Path Identifiers
IRJET- Enhancing Network Security by Modified Secure Dynamic Path Identifiers
 
A NEW GENERATION OF DRIVER ASSISTANCE AND SECURITY
A NEW GENERATION OF DRIVER ASSISTANCE AND SECURITYA NEW GENERATION OF DRIVER ASSISTANCE AND SECURITY
A NEW GENERATION OF DRIVER ASSISTANCE AND SECURITY
 
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
 
Antony's Final Draft v7
Antony's Final Draft v7Antony's Final Draft v7
Antony's Final Draft v7
 
An Encryption Algorithm To Evaluate Performance Of V2v Communication In Vanet
An Encryption Algorithm To Evaluate Performance Of V2v Communication In VanetAn Encryption Algorithm To Evaluate Performance Of V2v Communication In Vanet
An Encryption Algorithm To Evaluate Performance Of V2v Communication In Vanet
 
SDN Security: Two Sides of the Same Coin
SDN Security: Two Sides of the Same CoinSDN Security: Two Sides of the Same Coin
SDN Security: Two Sides of the Same Coin
 
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
IntelFlow: Toward adding Cyber Threat Intelligence to Software Defined Networ...
 
An Identity-Based Mutual Authentication with Key Agreement
An Identity-Based Mutual Authentication with Key AgreementAn Identity-Based Mutual Authentication with Key Agreement
An Identity-Based Mutual Authentication with Key Agreement
 
OWASP Brisbane - SDN Security
OWASP Brisbane - SDN SecurityOWASP Brisbane - SDN Security
OWASP Brisbane - SDN Security
 
IRJET- Secure Kerberos System in Distributed Environment
IRJET- Secure Kerberos System in Distributed EnvironmentIRJET- Secure Kerberos System in Distributed Environment
IRJET- Secure Kerberos System in Distributed Environment
 
IS Unit 7_Network Security
IS Unit 7_Network SecurityIS Unit 7_Network Security
IS Unit 7_Network Security
 
A look at current cyberattacks in Ukraine
A look at current cyberattacks in UkraineA look at current cyberattacks in Ukraine
A look at current cyberattacks in Ukraine
 
iot hacking, smartlockpick
iot hacking, smartlockpick iot hacking, smartlockpick
iot hacking, smartlockpick
 
44CON & Ruxcon: SDN security
44CON & Ruxcon: SDN security44CON & Ruxcon: SDN security
44CON & Ruxcon: SDN security
 
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
Towards a Holistic Framework for Secure, Privacy-aware, and Trustworthy Inter...
 
Eliminating Inter-Domain Vulnerabilities in Cyber-Physical Systems: An Analys...
Eliminating Inter-Domain Vulnerabilities in Cyber-Physical Systems: An Analys...Eliminating Inter-Domain Vulnerabilities in Cyber-Physical Systems: An Analys...
Eliminating Inter-Domain Vulnerabilities in Cyber-Physical Systems: An Analys...
 
Tools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade FinalTools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade Final
 
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
DTS Solution - Yehia Mamdouh - Release your pet worm on your infrastructure....
 

Ähnlich wie Binary Hash Tree based Certificate Access Management for Connected Vehicles (BCAM)

Link layer, checksum, ethenet.pptx
Link layer, checksum, ethenet.pptxLink layer, checksum, ethenet.pptx
Link layer, checksum, ethenet.pptxMeenalochini M
 
Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158Editor IJARCET
 
Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158Editor IJARCET
 
A LIGHTWEIGHT PAYMENT VERIFICATION USING BLOCKCHAIN ALGORITHM ON IoT DEVICES
A LIGHTWEIGHT PAYMENT VERIFICATION USING BLOCKCHAIN ALGORITHM ON IoT DEVICESA LIGHTWEIGHT PAYMENT VERIFICATION USING BLOCKCHAIN ALGORITHM ON IoT DEVICES
A LIGHTWEIGHT PAYMENT VERIFICATION USING BLOCKCHAIN ALGORITHM ON IoT DEVICESIRJET Journal
 
Web3’s red pill: Smashing Web3 transaction simulations for fun and profit
Web3’s red pill: Smashing Web3 transaction simulations for fun and profitWeb3’s red pill: Smashing Web3 transaction simulations for fun and profit
Web3’s red pill: Smashing Web3 transaction simulations for fun and profitTal Be'ery
 
5-LEC- 5.pptxTransport Layer. Transport Layer Protocols
5-LEC- 5.pptxTransport Layer. Transport Layer Protocols5-LEC- 5.pptxTransport Layer. Transport Layer Protocols
5-LEC- 5.pptxTransport Layer. Transport Layer ProtocolsZahouAmel1
 
The Role Of Software And Hardware As A Common Part Of The...
The Role Of Software And Hardware As A Common Part Of The...The Role Of Software And Hardware As A Common Part Of The...
The Role Of Software And Hardware As A Common Part Of The...Sheena Crouch
 
Fundamentals of network hacking
Fundamentals of network hackingFundamentals of network hacking
Fundamentals of network hackingPranshu Pareek
 
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)Igalia
 
New Business Models enabled by Blockchain
New Business Models enabled by BlockchainNew Business Models enabled by Blockchain
New Business Models enabled by BlockchainSlash
 
IoThings you don't even need to hack
IoThings you don't even need to hackIoThings you don't even need to hack
IoThings you don't even need to hackSlawomir Jasek
 
UNIT-2 PPT Data link layer.pptx
UNIT-2 PPT Data link layer.pptxUNIT-2 PPT Data link layer.pptx
UNIT-2 PPT Data link layer.pptxdiptijilhare
 
Omni gprs+gps+ble (permenant connection) smart lock air interface protocol v0...
Omni gprs+gps+ble (permenant connection) smart lock air interface protocol v0...Omni gprs+gps+ble (permenant connection) smart lock air interface protocol v0...
Omni gprs+gps+ble (permenant connection) smart lock air interface protocol v0...zeroormax1
 

Ähnlich wie Binary Hash Tree based Certificate Access Management for Connected Vehicles (BCAM) (20)

Link layer, checksum, ethenet.pptx
Link layer, checksum, ethenet.pptxLink layer, checksum, ethenet.pptx
Link layer, checksum, ethenet.pptx
 
Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158
 
Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158
 
A LIGHTWEIGHT PAYMENT VERIFICATION USING BLOCKCHAIN ALGORITHM ON IoT DEVICES
A LIGHTWEIGHT PAYMENT VERIFICATION USING BLOCKCHAIN ALGORITHM ON IoT DEVICESA LIGHTWEIGHT PAYMENT VERIFICATION USING BLOCKCHAIN ALGORITHM ON IoT DEVICES
A LIGHTWEIGHT PAYMENT VERIFICATION USING BLOCKCHAIN ALGORITHM ON IoT DEVICES
 
R bernardino hand_in_assignment_week_1
R bernardino hand_in_assignment_week_1R bernardino hand_in_assignment_week_1
R bernardino hand_in_assignment_week_1
 
Web3’s red pill: Smashing Web3 transaction simulations for fun and profit
Web3’s red pill: Smashing Web3 transaction simulations for fun and profitWeb3’s red pill: Smashing Web3 transaction simulations for fun and profit
Web3’s red pill: Smashing Web3 transaction simulations for fun and profit
 
5-LEC- 5.pptxTransport Layer. Transport Layer Protocols
5-LEC- 5.pptxTransport Layer. Transport Layer Protocols5-LEC- 5.pptxTransport Layer. Transport Layer Protocols
5-LEC- 5.pptxTransport Layer. Transport Layer Protocols
 
The Role Of Software And Hardware As A Common Part Of The...
The Role Of Software And Hardware As A Common Part Of The...The Role Of Software And Hardware As A Common Part Of The...
The Role Of Software And Hardware As A Common Part Of The...
 
SIGFOX Makers Tour - Porto
SIGFOX Makers Tour - PortoSIGFOX Makers Tour - Porto
SIGFOX Makers Tour - Porto
 
Fundamentals of network hacking
Fundamentals of network hackingFundamentals of network hacking
Fundamentals of network hacking
 
Data link layer
Data link layerData link layer
Data link layer
 
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)
 
New Business Models enabled by Blockchain
New Business Models enabled by BlockchainNew Business Models enabled by Blockchain
New Business Models enabled by Blockchain
 
Martin Novotny and Timo Kasper
Martin Novotny and Timo KasperMartin Novotny and Timo Kasper
Martin Novotny and Timo Kasper
 
SIGFOX Makers Tour - Dublin
SIGFOX Makers Tour - DublinSIGFOX Makers Tour - Dublin
SIGFOX Makers Tour - Dublin
 
IoThings you don't even need to hack
IoThings you don't even need to hackIoThings you don't even need to hack
IoThings you don't even need to hack
 
UNIT-2 PPT Data link layer.pptx
UNIT-2 PPT Data link layer.pptxUNIT-2 PPT Data link layer.pptx
UNIT-2 PPT Data link layer.pptx
 
Data link layer
Data link layerData link layer
Data link layer
 
Real time-embedded-system-lec-06
Real time-embedded-system-lec-06Real time-embedded-system-lec-06
Real time-embedded-system-lec-06
 
Omni gprs+gps+ble (permenant connection) smart lock air interface protocol v0...
Omni gprs+gps+ble (permenant connection) smart lock air interface protocol v0...Omni gprs+gps+ble (permenant connection) smart lock air interface protocol v0...
Omni gprs+gps+ble (permenant connection) smart lock air interface protocol v0...
 

Mehr von OnBoard Security, Inc. - a Qualcomm Company

Mehr von OnBoard Security, Inc. - a Qualcomm Company (6)

Lattice-based Signatures
Lattice-based SignaturesLattice-based Signatures
Lattice-based Signatures
 
A Short Review of the NTRU Cryptosystem
A Short Review of the NTRU CryptosystemA Short Review of the NTRU Cryptosystem
A Short Review of the NTRU Cryptosystem
 
Automotive Cybersecurity: The Gap Still Exists
Automotive Cybersecurity: The Gap Still ExistsAutomotive Cybersecurity: The Gap Still Exists
Automotive Cybersecurity: The Gap Still Exists
 
Car cybersecurity: What do automakers really think?
Car cybersecurity: What do automakers really think?Car cybersecurity: What do automakers really think?
Car cybersecurity: What do automakers really think?
 
Security for Connected Vehicle: Successes and Challenges
Security for Connected Vehicle: Successes and ChallengesSecurity for Connected Vehicle: Successes and Challenges
Security for Connected Vehicle: Successes and Challenges
 
Scaling Systems Securely: Challenges and Risks
Scaling Systems Securely: Challenges and RisksScaling Systems Securely: Challenges and Risks
Scaling Systems Securely: Challenges and Risks
 

Kürzlich hochgeladen

Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialJoão Esperancinha
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 

Kürzlich hochgeladen (20)

Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorial
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 

Binary Hash Tree based Certificate Access Management for Connected Vehicles (BCAM)

  • 1. Binary Hash Tree based Certificate Access Management for Connected Vehicles (BCAM) Virendra Kumar, Jonathan Petit, William Whyte
  • 6. The Big Dilemma Lifetime Supply Who pays for 2-way connectivity? What happens if the vehicle is hacked? 6
  • 7. Current Certificate Model 3 years’ worth 3 years’ worth RA 7
  • 9. Encrypted Batches of Certificates 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 … n 9
  • 11. Compression using Binary Hash Trees 10 0100 10 11 000 001 010 011 100 101 110 111 seed 0 1 2 3 4 5 6 7 11
  • 12. Day 1: No Revocation 10 0100 10 11 000 001 010 011 100 101 110 111 seed 0 1 2 3 4 5 6 7 Published node Derived node 12
  • 13. Day 2: Vehicles 2, 4, 5 Revoked 10 0100 10 11 000 001 010 011 100 101 110 111 seed 0 1 2 3 4 5 6 7 Published node Derived node Revoked node 13
  • 14. Pathological: Every Other Vehicle Revoked 10 0100 10 11 000 001 010 011 100 101 110 111 seed 0 1 2 3 4 5 6 7 Published node Derived node Revoked node 14
  • 15. Binary Tree Encoding Encoding Size Decoding Time Unique index of each published node r * log2(n/r) * (log2(n) + 1) number of published nodes Same as searching Unique index of each revoked leaf node r * log2(n) No efficient algorithm known n: number of leaf-nodes, r: number of revoked vehicles, 1 ≤ r ≤ n/2 Can we get the best of both worlds? 15
  • 16. A New Algorithm for Full Binary Trees Observations: 1. Topology known, only need to know which nodes are published and which are omitted. 2. Subtree of a published node can be ignored without any loss of information. Encoding: 1. Start from root with an empty string. 2. Do breadth-first traversal. 1. Append 0 for revoked node. 2. Append 1 for published node. 3. Do nothing for derived node. 0 0 0 1 0 0 1 0 1 0 0 0 00 1001 0100Encoded string: Disclaimer: Authors are not aware of any prior art with equivalent encoding sizes and decoding times. 1 2 3 Published nodes: 00, 11, 011 16
  • 17. A New Algorithm for Full Binary Trees Contd. Decoding: 1. Start from root and process 1 level at a time. 2. At every level, look at the bit of interest 1. If 0, go to next level. 2. If 1, output the number of 1s so far, and stop. Example (vehicle 3  011): Disclaimer: Authors are not aware of any prior art with equivalent encoding sizes and decoding times. Encoding: 0 00 1001 0100 Bits at a level: # bits before bit of interest: 0 # bits after bit of interest: 0 Rules for going to next level: 1. # bits before = 2 * (# 0s in bits before bit of interest) 2. Add 1 to (# bits before), if next bit of vehicle ID is 1. 3. # bits after = 2 * (# 0s in bits after bit of interest) 4. Add 1 to (# bits after), if next bit of vehicle ID is 0. bit of interest Vehicle ID bit Bits at a level: # bits before bit of interest: 0 # bits after bit of interest: 1 Bits at a level: # bits before bit of interest: 1 # bits after bit of interest: 2 Bits at a level: # bits before bit of interest: 1 # bits after bit of interest: 2 3 1 2 3 17
  • 18. Efficiency of Encoding Algorithm  Encoding size – # published nodes ≈ # revoked nodes, i.e. encoding has roughly the same number of 0s and 1s. – Size ≈ 2*r*log2(n/r) – For n=240, r=1,000, encoding takes less than 1% of the full packet, i.e. about 20 times smaller than using unique index of each published node.  Decoding time – Breadth-first but queue size ≤ r. – For n=240, r=10,000, a consumer laptop (2.7 GHz Intel Core i7, 16GB RAM) takes less than 3 milliseconds on average. 18 n: number of leaf-nodes, r: number of revoked vehicles, 1 ≤ r ≤ n/2
  • 19. “Not all compromises are created equal.” Software Compromise Hardware Compromise Can be easily replicated and spread quickly Most likely require specialized hardware Can be easily fixed by over-the-air updates Most likely need to replace the hardware Attack can be distributed over the Internet requiring less effort and resources Most likely require lot of effort and resources 19
  • 20. “So, we treat them differently.”  Software compromise  “soft revocation list” 0 1 2 3 4 5 6 7 8 9 …  A compromised vehicle is put on the SRL first, by flipping its bit.  If the vehicle on SRL continues to misbehave, it is “hard” revoked via binary tree approach. 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 …1 1 1 20
  • 21. Conclusion  Positives – No need of bidirectional connectivity for certificate download – Revocation enforced at sender  Soft/hard revocation prevent sender from sending valid messages  Receivers don’t need to store revocation information  Scales naturally, can handle a much higher rate of revocation than current system – Vehicles can be unrevoked  Vehicles revoked in error  Vehicles whose issues have been addressed  Negatives – Less agile – Longer CA lifetimes Our belief is that positives outweigh the negatives. We hope you feel the same.  21 positives