Panos Papadimitratos

Efficient and robust pseudonymous authentication in VANET

Effective and robust operations, as well as security and privacy are critical for the deployment of vehicular ad hoc networks (VANETs). Efficient and easy-to-manage security and privacy-enhancing mechanisms are essential for the wide-spread adoption of the VANET technology. In this paper, we are concerned with this problem; and in particular, how to achieve efficient and robust pseudonym-based authentication. We design mechanisms that reduce the security overhead for safety beaconing, and retain robustness for transportation safety, even in adverse network settings. Moreover, we show how to enhance the availability and usability of privacy-enhancing VANET mechanisms: Our proposal enables vehicle on-board units to generate their own pseudonyms, without affecting the system security.

Privacy in inter-vehicular networks: Why simple pseudonym change is not enough

Inter-vehicle communication (IVC) systems disclose rich location information about vehicles. State-of-the-art security architectures are aware of the problem and provide privacy enhancing mechanisms, notably pseudonymous authentication. However, the granularity and the amount of location information IVC protocols divulge, enable an adversary that eavesdrops all traffic throughout an area, to reconstruct long traces of the whereabouts of the majority of vehicles within the same area. Our analysis in this paper confirms the existence of this kind of threat. As a result, it is questionable if strong location privacy is achievable in IVC systems against a powerful adversary.

Castor: Scalable Secure Routing for Ad Hoc Networks

Wireless ad hoc networks are inherently vulnerable, as any node can disrupt the communication of potentially any other node in the network. Many solutions to this problem have been proposed. In this paper, we take a fresh and comprehensive approach that addresses simultaneously three aspects: security, scalability and adaptability to changing network conditions. Our communication protocol, Castor, occupies a unique point in the design space: it does not use any control messages except simple packet acknowledgments, and each node makes routing decisions locally and independently without exchanging any routing state with other nodes. Its novel design makes Castor resilient to a wide range of attacks and allows the protocol to scale to large network sizes and to remain efficient under high mobility. We compare Castor against four representative protocols from the literature. Our protocol achieves up to two times higher packet delivery rates, particularly in large and highly volatile networks, while incurring no or only limited additional overhead. At the same time, Castor is able to survive more severe attacks and recovers from them faster.

A practical secure neighbor verification protocol for wireless sensor networks

Wireless networking relies on a fundamental building block, neighbor discovery (ND). The nature of wireless communications, however, makes attacks against ND easy: An adversary can simply replay or relay (wormhole) packets across the network and mislead disconnected nodes into believing that they communicate directly. Such attacks can compromise the overlying protocols and applications. Proposed methods in the literature seek to secure ND, allowing nodes to verify they are neighbors. However, they either rely on specialized hardware or infrastructure, or offer limited security. In this paper, we address these problems, designing a practical and secure neighbor verification protocol for constrained Wireless Sensor networks (WSNs). Our scheme relies on estimated distance between nodes and simple geometric tests, and it is fully distributed. We prove our protocol is secure against the classic 2-end wormhole attack. Moreover, we provide a proof-of-concept implementation with off-the-shelf WSN equipment: Cricket motes.

Privacy-Preserving Relationship Path Discovery in Social Networks

As social networks sites continue to proliferate and are being used for an increasing variety of purposes, the privacy risks raised by the full access of social networking sites over user data become uncomfortable. A decentralized social network would help alleviate this problem, but offering the functionalities of social networking sites is a distributed manner is a challenging problem. In this paper, we provide techniques to instantiate one of the core functionalities of social networks: discovery of paths between individuals. Our algorithm preserves the privacy of relationship information, and can operate offline during the path discovery phase. We simulate our algorithm on real social network topologies.

Effectiveness of distance-decreasing attacks against impulse radio ranging

We expose the vulnerability of an emerging wireless ranging technology, impulse radio ultra-wide band (IR-UWB), to distance-decreasing attacks on the physical communication layer (PHY). These attacks violate the security of secure ranging protocols that allow two wireless devices to securely estimate the distance between them, with the guarantee that the estimate is an upper-bound on the actual distance. Such protocols serve as crucial building blocks in security-sensitive applications such as location tracking, physical access control, or localization. Prior works show the theoretical possibility of PHY attacks bypassing cryptographic mechanisms used by secure ranging protocols. They also demonstrates that for physical layers used in ISO 14443 RFID and wireless sensor networks, some PHY attacks are indeed feasible. IR-UWB was proposed as a possible solution, but we show that the de facto standard for IR-UWB, IEEE 802.15.4a, does not automatically provide security against such attacks. We find that with the mandatory modes of the standard an external attacker can decrease the measured distance by as much as 140 meters with a high probability (above 99%).

SPPEAR: security & privacy-preserving architecture for participatory-sensing applications

Recent advances in sensing, computing, and networking have paved the way for the emerging paradigm of participatory sensing (PS). The openness of such systems and the richness of user data they entail raise significant concerns for their security, privacy and resilience. Prior works addressed different aspects of the problem. But in order to reap the benefits of this new sensing paradigm, we need a comprehensive solution. That is, a secure and accountable PS system that preserves user privacy, and enables the provision of incentives to the participants. At the same time, we are after a PS system that is resilient to abusive users and guarantees privacy protection even against multiple misbehaving PS entities (servers). We address these seemingly contradicting requirements with our SPPEAR architecture. Our full blown implementation and experimental evaluation demonstrate that SPPEAR is efficient, practical, and scalable. Last but not least, we formally assess the achieved security and privacy properties. Overall, our system is a comprehensive solution that significantly extends the state-of-the-art and can catalyze the deployment of PS applications.

Secure Vehicular Communication Systems

Significant developments have taken place over the past few years in the area of vehicular communication systems. Now, it is well understood in the community that security and protection of private...Background After the deployment of automated toll collection or active road-signs, Vehicular Communication (VC) systems are envisioned as the future technology for improved traffic efficiency and safety. VC systems will comprise nodes, in other words, vehicle-mounted and Road-Side infrastructure Units (RSUs), equipped with on-board sensory, processing, and wireless communication modules. Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) communication can enhance transportation safety and efficiency, as well as infotainment. For example, VC systems can send warnings about environmental hazards (e.g., ice on the pavement), traffic and road conditions (e.g., emergency braking, congestion, or construction sites), and local (e.g., tourist) information. The unique features of VC are a double-edged sword: a rich set of tools will be available, but a formidable set of abuses and attacks will then become possible. Consider, for example, an attacker that “contaminates” large portions of the vehicular network with false information: A single compromised vehicle can transmit false hazard warnings that can then be taken up by all vehicles in both traffic streams; or a tampered vehicle can forge messages to masquerade as an emergency vehicle to mislead other vehicles to slow down and yield; or a different type of attacker can deploy a number of receivers and record messages transmitted by the vehicles, especially safety beacons that report the vehicle’s location, in order to track a vehicle’s location and transactions and to infer private information about its driver and passengers.

Towards deploying a scalable & robust vehicular identity and credential management infrastructure

Several years of academic and industrial research efforts have converged to a common understanding on fundamental security building blocks for the upcoming Vehicular Communication (VC) systems. There is a growing consensus towards deploying a Vehicular Public-Key Infrastructure (VPKI) enables pseudonymous authentication, with standardization efforts in that direction. However, there are still significant technical issues that remain unresolved. Existing proposals for instantiating the VPKI either need additional detailed specifications or enhanced security and privacy features. Equally important, there is limited experimental work that establishes the VPKI efficiency and scalability. In this paper, we are concerned with exactly these issues. We leverage the common VPKI approach and contribute an enhanced system with precisely defined, novel features that improve its resilience and the user privacy protection. In particular, we depart from the common assumption that the VPKI entities are fully trusted and we improve user privacy in the face of an honest-but-curious security infrastructure. Moreover, we fully implement our VPKI, in a standard-compliant manner, and we perform an extensive evaluation. Along with stronger protection and richer functionality, our system achieves very significant performance improvement over prior systems - contributing the most advanced VPKI towards deployment.

Trustworthy People-Centric Sensing: Privacy, security and user incentives road-map

The broad capabilities of widespread mobile devices have paved the way for People-Centric Sensing (PCS). This emerging paradigm enables direct user involvement in possibly large-scale and diverse data collection and sharing. Unavoidably, this raises significant privacy concerns, as participants may inadvertently reveal a great deal of sensitive information. However, ensuring user privacy, e.g., by anonymizing data they contribute, may cloak faulty (possibly malicious) actions. Thus, PCS systems must not only be privacy-preserving but also accountable and reliable. As an increasing number of applications (e.g., assistive healthcare and public safety systems) can significantly benefit from people-centric sensing, it becomes imperative to meet these seemingly contradicting requirements. In this work, we discuss security, user privacy and incentivization for this sensing paradigm, exploring how to address all aspects of this multifaceted problem. We critically survey the security and privacy properties of state-of-the-art research efforts in the area. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them, so that security and privacy do not hinder the deployment of PCS systems.