Christoph Ruland

Secure and authentic communication on existing in-vehicle networks

Because of the increasing number of electronic components, the automotive manufacturers introduced data bus systems to decrease the number of discrete lines. Inside modern vehicles there are several bus systems that are used for communication to provide many safety-relevant functions with direct impact to the vehicles behaviour. Due to missing security services, these in-car networks are unprotected against malicious attacks. Exemplarily focussing CAN, this article explains that the missing of authenticity and confidentiality are the most important issues concerning security risks for in-car communication. A flexible and adaptive solution using trusted communication groups is presented that enables confidential communication between components of a vehicle and guarantees that only authentic controllers - holding a certificate signed by the manufacturer - are able to be part of these closed communication groups.

Error Correcting and Weighted Noise Tolerant Message Authentication Codes

Message Authentication Codes (MACs) are very sensitive to any modification in the message. The verification fails even if there is a slight change in the message. However, special algorithms have been introduced that tolerate a small amount of noise in messages as required by some applications. Noise Tolerant Message Authentication Code (NTMAC) is an example of noise tolerant authenticator algorithm. NTMAC is block oriented and unlike MAC it localizes errors at the block level. Nevertheless, there is no efficient way for correcting erroneous blocks by NTMAC. This paper presents a novel algorithm as an enhancement of NTMAC, called the Error Correcting - NTMAC (EC-NTMAC) and a variant of EC-NTMAC, called the Error Correcting - Weighted NTMAC (EC-WNTMAC). EC-NTMAC introduces error correction of erroneous blocks and EC-WNTMAC extends EC-NTMAC to the correction of blocks based on their importance level or the so called weight. The later approach makes the EC-NTMAC more suitable for some applications like image and multimedia communications where few errors are acceptable. Simulation results, showing capabilities of both of the proposed algorithms as well as the performance and security considerations are given in the paper.

Identity based protocols for secure electronic content distribution and licensing

Contemporary systems for distribution of electronic media content and its respective licenses are limited in a way that neither the consumers nor the vendors can operate in a reliable and flexible way. Further, the security architecture that comprises these systems is based and literally mapped upon them from security architectures, which apply to distributed systems based on computer terminals and not necessarily on mobile devices. The attempt to apply such architectures on the world of mobile multimedia so far has lead to solutions, which mostly rely on one single certification authority. It is more than obvious that this fact introduces the fatal risk of having a single-point-of-attack, since a compromise of the CAs private key leads to a compromise of the entire system. Our proposal introduces protocols that utilize ID-based cryptographic methods, in order to provide electronic content delivery and licensing.

Secure and Robust Two-Phase Image Authentication

A novel two-phase robust content-based image authentication scheme is introduced. The proposed scheme is constructed based on a combination of hard and soft authentication using two existing generic approximate message authentication codes (AMACs). The AMACs combine error- correcting codes with cryptographic primitives such as message authentication codes and symmetric encryption algorithms. The message authentication codes are used for hard authentication, whereas the error-correcting codes introduce a certain degree of robustness in authentication. This is achieved by correcting minor unintentional modifications as a result of common image processing operations such as quantization , compression , and noise addition. The two-phase image authentication scheme verifies the authenticity of an image in two phases. The low frequency elements of the image in a transform domain are subjected to the first phase while some higher frequency elements are left to the second phase if the first phase succeeds. The proposed scheme tolerates common content- preserving modifications in an image but can discriminate intentional modifications affecting the image content. Mathematical bounds for the accuracy and the security level of the proposed approach are estimated and the performance is compared with some other well-known schemes in the literature. The results demonstrate that the proposed scheme shows high discriminating capability and can detect different types of meaningful forgery attacks on images while preserving the robustness. It also outperforms the benchmark image authentication schemes in terms of tradeoff between robustness and fragility.

Confidential multimedia communication in IP networks

Communication in open packet-based networks like the Internet must be considered including security aspects. Different approaches exist to realize e.g. confidentiality in IP networks: IPSec at the network layer, TLS/SSL residing on the transport layer and security extensions for applications. Real-time-oriented Internet applications cause different demands on security protocols compared to their counterparts like e.g. HTTP does. It is questionable if the existing mechanisms are suitable for securing multimedia communication. This paper gives an overview of multimedia communication over the Internet. It describes available approaches for enabling confidentiality and analyzes the usability in real-time-oriented environments. Since currently all multimedia applications use RTP to packetize the media stream the newly proposed Internet Draft Secure Real-time Transport Protocol (SRTP) is analyzed as well. SRTP is presented in more detail and an extension to the H.323 protocol family to support SRTP is introduced. This approach enables on the one hand H.323 terminals to use the security services provided by SRTP and on the other hand the application of SRTP even in heterogenous signaling environments. Furthermore our SRTP implementation and its integration into the OpenH323 project is described.

Secure transfer of measurement data in open systems

The liberalization of different markets which are liable to legal metrology accelerates the need for transferring measuring data over open networks. This increases the involvement of communication technology in measuring systems and raises new security threats in legal metrology. The goal of the SELMA (Secure ELectronic Measurement dAta exchange) project is to create technical procedures according to legal requirements which ensure the secure transfer of measured energy data from decentralized meters to the authorized users via open networks. This paper gives an overall view of the research project SELMA and the developed concepts and technologies. The security architecture is presented and the standards and interfaces are described which were specified and afterwards used to implement and deploy a large-scale field trial. SELMA has developed a security architecture to establish trust in the electronic transfer of data from the meter to data acquisition systems and further to the customers. The introduced security mechanisms are based on asymmetric cryptography and more specifically on digital signatures that enable the signed measurement data to be verified and authenticated in conjunction with a suitable key management. Particular security units have been created that contain the necessary security mechanisms. The SELMA architecture represents a best practice solution of strong cryptographic mechanisms to secure a wide range of metrology applications and is compatible with appropriate European directives and guidelines.

Compressive Sensing encryption modes and their security

Compressed Sensing may offer confidentiality with a good level of security that comes at limited extra costs. By this means, encryption can be added right into the sampling process. Previous proposals of Compressive Sensing encryption schemes are based on the randomness introduced by the sensing matrix. Once the matrix is fixed, the encryption becomes deterministic and therefore it can hardly be secure when encrypting more than a single signal. The work presented in this paper is built on the theoretical results on the secrecy of one-time Compressive Sensing encryption, and it proposes practical realizations, which extend this kind of encryption so that multiple signals may be encrypted under a single key. The confidentiality of the signal is thereby solely given by the inherent secrecy of the compressed measurements. In contrast to recent suggestions, the modes of operation defined in this paper are able to encrypt signals with different energy without exposing the signals energy to an eavesdropper. A general design for Compressive Sensing encryption modes is presented along with two realizations: one designed for parallel processing and another one that is self-synchronizing. The secrecy of the proposed modes is reduced to the secrecy of known and trusted cryptographic primitives. Compressive Sensing encryption modes are useful in a wide range of practical applications by providing a joint end-to-end encryption and compression that starts at the sensor level.

Document Tracking - On the Way to a New Security Service

This paper proposes a new security service that provides reliable technologies for traitor tracing. As current systems do not provide sufficient options to find out who distributed a document in an unauthorized way, an approach for solving this security gap is proposed. Existing security concepts will be extended by a new service based on reliable tracking data embedding. Additionally, a new method to hide the structure of data is introduced. Summarized, the proposed scheme enhances security against attacks from authorized personnel who have got into legal possession of confidential information.

A survey of image hashing technique for data authentication in WMSNs

Wireless Multimedia Sensor Networks (WMSNs) are commonly used for communicating sensitive data which help in many important decision makings, so that it is crucial to ensure the received data are not manipulated in transit and originated from the correct source. In the security perspective, however, the characteristics of WMSNs and the nature of multimedia make data authentication schemes more complex, especially for data integrity. In this regard, the aim of this paper is to investigate the feasibility of content-based authentication using image hashing technique as an alternative data authentication scheme in WMSNs. To assess the feasibility, the general requirements for image authentication in WMSNs are discussed in this paper. Additionally, the performance of five selected image hashing algorithms is measured with respect to robustness, sensitivity, and security. By comparing and analyzing the performance of the selected algorithms, this paper provides a perspective on the potential feasibility and limitations as an alternative to the traditional authentication scheme in WMSNs.

Security issues in smart metering systems

Intelligent buildings are not imaginable anymore without smart metering devices. Smart metering systems are used not only for the provisioning of instantaneous metering information on commodities, such as electricity, water and gas, to the service providers but also to make this information available to customers. This helps the customers in dynamically adapting their energy consumption behavior. The smart metering devices also help in balancing the power generation and distribution in a smart grid by tailoring the power generation according to the demand. However, the liberalization of the metering market requires few strong security and privacy requirements for the metering data. Smart metering raises many security and privacy concerns. There are worries that the personal information of consumers could be disclosed. There are also concerns about frauds exploiting security vulnerabilities in smart metering systems on a large scale, e.g., making smart meters provide false metering data to the service providers. From a macro perspective, the smart grids, including the smart metering systems and devices can be attacked to bring down the whole grid or at least some parts of the grid, which is a concern of national security. This paper focuses on the security and privacy aspects of the smart metering systems. Potential attackers, security threats and attacks on smart metering systems are listed and the security approaches to address the security issues are presented. A security by design approach for secure smart metering is discussed in the paper. The major results of a security by design approach for smart metering systems developed in the project, entitled “Trusted Computing Engineering for Resource Constraint Embedded Systems Applications”, funded by the European commission, are summarized in the end.