Yves Roudier

Security requirements for automotive on-board networks

This paper considers security requirements for automotive on-board networks and describes the processes used for identifying and prioritizing such requirements. The security engineering process starts from use cases for automotive onboard networks that require wireless communication interfaces and involves an investigation of security threat scenarios and the assessment of the relative risks associated with the threats.

Distributed Access Control For XML Document Centric Collaborations

This paper introduces a distributed and fine grained access control mechanism based on encryption for XML document centric collaborative applications. This mechanism also makes it possible to simultaneously protect the confidentiality of a document and to verify its authenticity and integrity, as well to trace its updates. The enforcement of access control is distributed to participants and does not rely on a central authority. Novel aspects of the proposed framework include the adoption of a decentralized key management scheme to support the client-based enforcement of the access control policy. This scheme is driven by the expression of access patterns of interest of the participants over document parts to determine the keys required. A lazy rekeying protocol is also defined to accommodate the delegation of access control decisions that in particular reduces rekeying latency when faced with the addition and removal of participants.

Untraceable secret credentials: trust establishment with privacy

There is generally no a priori trust relationship among entities interacting in pervasive computing environments which makes it necessary to establish trust from scratch. This task becomes extremely challenging when it is simultaneously necessary to protect the privacy of the actors involved. We show how trust can be based on previous interactions yet remain unlinkable to any previous event or any specific entity. A solution based on group blind signatures is proposed that relies on credentials both secret, meaning that they contain an encrypted description of previous interactions, and untraceable, meaning that they cannot be recognized when presented to their issuer.

Collaborative backup for dependable mobile applications

We describe the work we are conducting on new middleware services for dependable and secure mobile systems. This work is based on approaches à la peer-to-peer in order to circumvent the problems introduced by the lack of infrastructure in self-organizing networks of mobile nodes, such as MANETs. The mechanisms we propose are based on collaboration between peer mobile devices to provide middleware services such as trust management and critical data storage. This short paper gives a brief description of the problems we are trying to solve and some hints and ideas towards a solution.

Secure automotive on-board protocols: a case of over-the-air firmware updates

The software running on electronic devices is regularly updated, these days. A vehicle consists of many such devices, but is operated in a completely different manner than consumer devices. Update operations are safety critical in the automotive domain. Thus, they demand for a very well secured process. We propose an on-board security architecture which facilitates such update processes by combining hardware and software modules. In this paper, we present a protocol to show how this security architecture is employed in order to achieve secure firmware updates for automotive control units.

Enabling Message Security for RESTful Services

The security and dependability of cloud applications require strong confidence in the communication protocol used to access web resources. The mainstream service providers nowadays are shifting to REST-based services in the detriment of SOAP-based ones. REST proposes a lightweight approach to consume resources with no specific encapsulation, thus lacking of meta-data descriptions for security requirements. Currently, the security of RESTful services relies on ad-hoc security mechanisms (whose implementation is error-prone) or on the transport layer security (offering poor flexibility). We introduce the REST security protocol to provide secure service communication, together with its performance analysis when compared to equivalent WS-Security configuration.

Security and privacy for in-vehicle networks

Mobile devices such as smartphones have gained more and more attention from security researchers and malware authors, the latter frequently attacking those platforms and stealing personal information. Vehicle on-board networks, in particular infotainment systems, are increasingly connected with such mobile devices and the internet and will soon make it possible to load and install third party applications. This makes them susceptible to new attacks similar to those which plague mobile phones and personal computers. The breach of privacy is equally sensitive in the vehicular domain. Even worse, broken security is a serious threat to car safety. In this paper, we show how traditional automotive communication systems can be instrumented with taint tracking tools in a security framework that allows to dynamically monitor data flows within and between control units to achieve elevated security and privacy.

A security protocol for self-organizing data storage

This paper describes a cryptographic protocol for securing self-organized data storage through periodic verifications. The proposed verification protocol, which goes beyond simple integrity checks and proves data conservation, is deterministic, efficient, and scalable. The security of this scheme relies both on the ECDLP intractability assumption and on the difficulty of finding the order of some specific elliptic curve over Zn. The protocol also makes it possible to personalize replicas and to delegate verification without revealing any secret information.

Secure Web Service Discovery: Overcoming Challenges of Ubiquitous Computing

Dynamic and self-organizing systems like those found in ubiquitous computing or semantic Web based scenarios raise numerous challenges regarding trust and privacy. Service discovery is a basic feature of SOA deployment in such systems, given that entities need to locate services they can describe but that they do not necessarily know. PKI based solutions to securing this mechanism, which require a preliminary key distribution, are therefore rendered awkward and contrived. In contrast, the new concept of attribute based encryption, derived from identity based encryption schemes, makes it possible to create secret communication channels with unknown services based solely on some attributes that are part of their description and in a decentralized fashion, that is, without the introduction of any additional trusted third party like a registry. This paper discusses how such a scalable solution to enabling secure and decentralized discovery protocols can be implemented and put to use. After reviewing the security properties that are expected, the paper then goes on to detail how to extend the WS-discovery Web service protocol with such mechanisms. Preliminary experimental results based on an implementation of this extended protocol are finally presented

Embedding Distance-Bounding Protocols within Intuitive Interactions

Although much research was conducted on devising intuitive interaction paradigms with pervasive computing devices, it has not been realized that authentication, an important need in this context, has a strong impact on the ease of use. More specifically, distance-bounding protocols are necessary in some of the most interesting scenarios in pervasive computing. This article describes a drag-and-drop interaction paradigm that enables strong authentication by embedding such a protocol within personal authentication tokens. This article also discusses how this paradigm can be used as the basis for performing user-friendly pervasive multi-party secure interactions.