Formal analysis of V2X revocation protocols

Jorden Whitefield; Liqun Chen; Frank Kargl; Andrew Paverd; Steve Schneider; Helen Treharne; Stephan Wesemeyer

doi:10.1007/978-3-319-68063-7_10

Formal analysis of V2X revocation protocols

Jorden Whitefield, Liqun Chen, Frank Kargl, Andrew Paverd, Steve Schneider, Helen Treharne^*, Stephan Wesemeyer

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

21 Citations (Scopus)

Abstract

Research on vehicular networking (V2X) security has produced a range of securitymechanisms and protocols tailored for this domain, addressing both security and privacy. Typically, the security analysis of these proposals has largely been informal. However, formal analysis can be used to expose flaws and ultimately provide a higher level of assurance in the protocols. This paper focusses on the formal analysis of a particular element of security mechanisms for V2X found in many proposals, that is the revocation of malicious or misbehaving vehicles from the V2X system by invalidating their credentials. This revocation needs to be performed in an unlinkable way for vehicle privacy even in the context of vehicles regularly changing their pseudonyms. The Rewire scheme by Förster et al. and its subschemes Plain and R-token aim to solve this challenge by means of cryptographic solutions and trusted hardware. Formal analysis using the Tamarin prover identifies two flaws: one previously reported in the lierature concerned with functional correctness of the protocol, and one previously unknown flaw concerning an authentication property of the R-token scheme. In response to these flaws we propose Obscure Token (O-token), an extension of Rewire to enable revocation in a privacy preserving manner. Our approach addresses the functional and authentication properties by introducing an additional key-pair, which offers a stronger and verifiable guarantee of successful revocation of vehicles without resolving the long-term identity. Moreover O-token is the first V2X revocation protocol to be co-designed with a formal model.

Original language	English
Title of host publication	Security and Trust Management - 13th International Workshop, STM 2017, Proceedings
Publisher	Springer
Pages	147-163
Number of pages	17
ISBN (Print)	9783319680620
DOIs	https://doi.org/10.1007/978-3-319-68063-7_10
Publication status	Published - 2017
MoE publication type	A4 Conference publication
Event	International Workshop on Security and Trust Management - Oslo, Norway Duration: 14 Sept 2017 → 15 Sept 2017 Conference number: 13

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10547 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Workshop

Workshop	International Workshop on Security and Trust Management
Abbreviated title	STM
Country/Territory	Norway
City	Oslo
Period	14/09/2017 → 15/09/2017

Keywords

Ad hoc networks
Authentication
Security verification
V2X

Access to Document

10.1007/978-3-319-68063-7_10

Cite this

Whitefield, J., Chen, L., Kargl, F., Paverd, A., Schneider, S., Treharne, H., & Wesemeyer, S. (2017). Formal analysis of V2X revocation protocols. In Security and Trust Management - 13th International Workshop, STM 2017, Proceedings (pp. 147-163). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10547 LNCS). Springer. https://doi.org/10.1007/978-3-319-68063-7_10

@inproceedings{29161f685c4240e595e9aca935986019,

title = "Formal analysis of V2X revocation protocols",

abstract = "Research on vehicular networking (V2X) security has produced a range of securitymechanisms and protocols tailored for this domain, addressing both security and privacy. Typically, the security analysis of these proposals has largely been informal. However, formal analysis can be used to expose flaws and ultimately provide a higher level of assurance in the protocols. This paper focusses on the formal analysis of a particular element of security mechanisms for V2X found in many proposals, that is the revocation of malicious or misbehaving vehicles from the V2X system by invalidating their credentials. This revocation needs to be performed in an unlinkable way for vehicle privacy even in the context of vehicles regularly changing their pseudonyms. The Rewire scheme by F{\"o}rster et al. and its subschemes Plain and R-token aim to solve this challenge by means of cryptographic solutions and trusted hardware. Formal analysis using the Tamarin prover identifies two flaws: one previously reported in the lierature concerned with functional correctness of the protocol, and one previously unknown flaw concerning an authentication property of the R-token scheme. In response to these flaws we propose Obscure Token (O-token), an extension of Rewire to enable revocation in a privacy preserving manner. Our approach addresses the functional and authentication properties by introducing an additional key-pair, which offers a stronger and verifiable guarantee of successful revocation of vehicles without resolving the long-term identity. Moreover O-token is the first V2X revocation protocol to be co-designed with a formal model.",

keywords = "Ad hoc networks, Authentication, Security verification, V2X",

author = "Jorden Whitefield and Liqun Chen and Frank Kargl and Andrew Paverd and Steve Schneider and Helen Treharne and Stephan Wesemeyer",

year = "2017",

doi = "10.1007/978-3-319-68063-7_10",

language = "English",

isbn = "9783319680620",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "147--163",

booktitle = "Security and Trust Management - 13th International Workshop, STM 2017, Proceedings",

address = "Germany",

note = "International Workshop on Security and Trust Management, STM ; Conference date: 14-09-2017 Through 15-09-2017",

}

Whitefield, J, Chen, L, Kargl, F, Paverd, A, Schneider, S, Treharne, H & Wesemeyer, S 2017, Formal analysis of V2X revocation protocols. in Security and Trust Management - 13th International Workshop, STM 2017, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10547 LNCS, Springer, pp. 147-163, International Workshop on Security and Trust Management, Oslo, Norway, 14/09/2017. https://doi.org/10.1007/978-3-319-68063-7_10

Formal analysis of V2X revocation protocols. / Whitefield, Jorden; Chen, Liqun; Kargl, Frank et al.
Security and Trust Management - 13th International Workshop, STM 2017, Proceedings. Springer, 2017. p. 147-163 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10547 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - Formal analysis of V2X revocation protocols

AU - Whitefield, Jorden

AU - Chen, Liqun

AU - Kargl, Frank

AU - Paverd, Andrew

AU - Schneider, Steve

AU - Treharne, Helen

AU - Wesemeyer, Stephan

N1 - Conference code: 13

PY - 2017

Y1 - 2017

N2 - Research on vehicular networking (V2X) security has produced a range of securitymechanisms and protocols tailored for this domain, addressing both security and privacy. Typically, the security analysis of these proposals has largely been informal. However, formal analysis can be used to expose flaws and ultimately provide a higher level of assurance in the protocols. This paper focusses on the formal analysis of a particular element of security mechanisms for V2X found in many proposals, that is the revocation of malicious or misbehaving vehicles from the V2X system by invalidating their credentials. This revocation needs to be performed in an unlinkable way for vehicle privacy even in the context of vehicles regularly changing their pseudonyms. The Rewire scheme by Förster et al. and its subschemes Plain and R-token aim to solve this challenge by means of cryptographic solutions and trusted hardware. Formal analysis using the Tamarin prover identifies two flaws: one previously reported in the lierature concerned with functional correctness of the protocol, and one previously unknown flaw concerning an authentication property of the R-token scheme. In response to these flaws we propose Obscure Token (O-token), an extension of Rewire to enable revocation in a privacy preserving manner. Our approach addresses the functional and authentication properties by introducing an additional key-pair, which offers a stronger and verifiable guarantee of successful revocation of vehicles without resolving the long-term identity. Moreover O-token is the first V2X revocation protocol to be co-designed with a formal model.

AB - Research on vehicular networking (V2X) security has produced a range of securitymechanisms and protocols tailored for this domain, addressing both security and privacy. Typically, the security analysis of these proposals has largely been informal. However, formal analysis can be used to expose flaws and ultimately provide a higher level of assurance in the protocols. This paper focusses on the formal analysis of a particular element of security mechanisms for V2X found in many proposals, that is the revocation of malicious or misbehaving vehicles from the V2X system by invalidating their credentials. This revocation needs to be performed in an unlinkable way for vehicle privacy even in the context of vehicles regularly changing their pseudonyms. The Rewire scheme by Förster et al. and its subschemes Plain and R-token aim to solve this challenge by means of cryptographic solutions and trusted hardware. Formal analysis using the Tamarin prover identifies two flaws: one previously reported in the lierature concerned with functional correctness of the protocol, and one previously unknown flaw concerning an authentication property of the R-token scheme. In response to these flaws we propose Obscure Token (O-token), an extension of Rewire to enable revocation in a privacy preserving manner. Our approach addresses the functional and authentication properties by introducing an additional key-pair, which offers a stronger and verifiable guarantee of successful revocation of vehicles without resolving the long-term identity. Moreover O-token is the first V2X revocation protocol to be co-designed with a formal model.

KW - Ad hoc networks

KW - Authentication

KW - Security verification

KW - V2X

UR - http://www.scopus.com/inward/record.url?scp=85030171055&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-68063-7_10

DO - 10.1007/978-3-319-68063-7_10

M3 - Conference article in proceedings

AN - SCOPUS:85030171055

SN - 9783319680620

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 147

EP - 163

BT - Security and Trust Management - 13th International Workshop, STM 2017, Proceedings

PB - Springer

T2 - International Workshop on Security and Trust Management

Y2 - 14 September 2017 through 15 September 2017

ER -

Whitefield J, Chen L, Kargl F, Paverd A, Schneider S, Treharne H et al. Formal analysis of V2X revocation protocols. In Security and Trust Management - 13th International Workshop, STM 2017, Proceedings. Springer. 2017. p. 147-163. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-68063-7_10

Formal analysis of V2X revocation protocols

Abstract

Publication series

Workshop

Keywords

Access to Document

Other files and links

Fingerprint

Cite this