SePCAR: A Secure and Privacy-Enhancing Protocol for Car Access Provision

[en] We present an efficient secure and privacy-enhancing protocol for car access provision, named SePCAR. The protocol is fully decentralised and allows users to share their cars conveniently without sacrifising their security and privacy. It provides generation, update, revocation, and distribution mechanisms for access tokens to shared cars, as well as procedures to solve disputes and to deal with law enforcement requests, for instance in the case of car incidents. We prove that SePCAR meets its appropriate security and privacy requirements and that it is efficient: our practical efficiency analysis through a proof-of-concept implementation shows that SePCAR takes only 1.55 s for a car access provision.

Disciplines :

Sciences informatiques

Auteur, co-auteur :

SYMEONIDIS, Iraklis ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Aly, Abdelrahaman

Mustafa, Mustafa Asan

Mennink, Bart

Dhooghe, Siemen

Preneel, Bart

Foley, Simon N.

Gollmann, Dieter

Snekkenes, Einar

Co-auteurs externes :

yes

Langue du document :

Anglais

Titre :

SePCAR: A Secure and Privacy-Enhancing Protocol for Car Access Provision

Date de publication/diffusion :

2017

Nom de la manifestation :

22nd European Symposium on Research in Computer Security

Lieu de la manifestation :

Oslo, Norvège

Date de la manifestation :

September 11-15, 2017

Titre de l'ouvrage principal :

Computer Security -- ESORICS 2017

Auteur, co-auteur :

SYMEONIDIS, Iraklis

Maison d'édition :

Springer International Publishing, Cham, Inconnu/non spécifié

Edition :

ISBN/EAN :

978-3-319-66399-9

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Commentaire :

475--493

Disponible sur ORBilu :

depuis le 05 décembre 2018

Statistiques

Nombre de vues

113 (dont 9 Unilu)

Nombre de téléchargements

122 (dont 5 Unilu)

Voir plus de statistiques

citations Scopus^®

citations Scopus^®
sans auto-citations

Bibliographie

Araki, T., Furukawa, J., Lindell, Y., Nof, A., Ohara, K.: High-throughput semi-honest secure three-party computation with an honest majority. In: Proceedings of the 2016 ACM SIGSAC CCS, pp. 805–817 (2016)
Balasch, J., Rial, A., Troncoso, C., Preneel, B., Verbauwhede, I., Geuens, C.: PrETP: privacy-preserving electronic toll pricing. In: USENIX, pp. 63–78 (2010)
Bellare, M., Boldyreva, A., Micali, S.: Public-key encryption in a multi-user setting: security proofs and improvements. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 259–274. Springer, Heidelberg (2000). doi:10.1007/3-540-45539-6 18
Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: FOCS, pp. 394–403 (1997)
Bellare, M., Kilian, J., Rogaway, P.: The security of the cipher block chaining message authentication code. J. Comput. Syst. Sci. 61(3), 362–399 (2000). http://dx.doi.org/10.1006/jcss.1999.1694
Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: STOC, pp. 1–10. ACM (1988)
Bert, J., Collie, B., Gerrits, M., Xu, G.: What’s ahead for car sharing?: the new mobility and its impact on vehicle sales. https://goo.gl/ZmPZ5t. Accessed June 2017
BMW: DriveNow Car Sharing. https://drive-now.com/. Accessed Nov 2016
Council of the EU Final Compromised Resolution: General Data Protection Regulation. http://www.europarl.europa.eu. Accessed Feb 2015
Damgård, I., Fitzi, M., Kiltz, E., Nielsen, J.B., Toft, T.: Unconditionally secure constant-rounds multi-party computation for equality, comparison, bits and exponentiation. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 285–304. Springer, Heidelberg (2006). doi:10.1007/11681878 15
Damgård, I., Keller, M.: Secure multiparty AES. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 367–374. Springer, Heidelberg (2010). doi:10.1007/978-3-642-14577-3 31
Damgård, I., Pastro, V., Smart, N., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 643–662. Springer, Heidelberg (2012). doi:10. 1007/978-3-642-32009-5 38
Fireball, D.: Regarding Uber’s New ‘Always’ Location Tracking. https://goo.gl/L1Elve. Accessed Apr 2017
Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchanges. Des. Codes Crypt. 2(2), 107–125 (1992). http://dx.doi.org/10.1007/BF00124891
Dmitrienko, A., Plappert, C.: Secure free-floating car sharing for offline cars. In: ACM CODASPY, pp. 349–360 (2017)
Enev, M., Takakuwa, A., Koscher, K., Kohno, T.: Automobile driver fingerprinting. PoPETs 2016(1), 34–50 (2016)
EVITA: E-safety Vehicle Intrusion Protected Applications (EVITA). http://www. evita-project.org/. Accessed Nov 2016
Furukawa, J., Lindell, Y., Nof, A., Weinstein, O.: High-throughput secure three-party computation for malicious adversaries and an honest majority. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 225–255. Springer, Cham (2017). doi:10.1007/978-3-319-56614-6 8
Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792–807 (1986)
Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)
GOV.UK: reducing mobile phone theft and improving security. https://goo.gl/o2v99g. Accessed Apr 2017
International Organization for Standardization: ISO/IEC 9797-1:2011. https://www.iso.org/standard/50375.html. Accessed June 2017
Internet Engineering Task Force: PKCS #1: RSA Cryptography Specifications Version 2.0. https://tools.ietf.org/html/rfc2437. Accessed June 2017
Internet Engineering Task Force: Use of the RSA-KEM Key Transport Algorithm in the Cryptographic Message Syntax (CMS). https://tools.ietf.org/html/rfc5990. Accessed June 2017
INVERS: Make Mobility Shareable. https://invers.com/. Accessed Apr 2017
Keller, M., Orsini, E., Scholl, P.: MASCOT: faster malicious arithmetic secure computation with oblivious transfer. In: ACM SIGSAC, pp. 830–842 (2016)
Kerschbaum, F., Lim, H.W.: Privacy-preserving observation in public spaces. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9327, pp. 81–100. Springer, Cham (2015). doi:10.1007/978-3-319-24177-7 5
Khodaei, M., Jin, H., Papadimitratos, P.: Towards deploying a scalable & robust vehicular identity and credential management infrastructure. CoRR (2016)
Lipmaa, H., Toft, T.: Secure equality and greater-than tests with sublinear online complexity. In: Fomin, F.V., Freivalds, R., Kwiatkowska, M., Peleg, D. (eds.) ICALP 2013. LNCS, vol. 7966, pp. 645–656. Springer, Heidelberg (2013). doi:10. 1007/978-3-642-39212-2 56
Micali, S.: Algorand: the efficient and democratic ledger (2016). arXiv:1607.01341
Mustafa, M.A., Zhang, N., Kalogridis, G., Fan, Z.: Roaming electric vehicle charging and billing: An anonymous multi-user protocol. In: IEEE SmartGridComm, pp. 939–945 (2014)
Naphade, M.R., Banavar, G., Harrison, C., Paraszczak, J., Morris, R.: Smarter cities and their innovation challenges. IEEE Comput. 44(6), 32–39 (2011)
OpenSSL: Cryptography and SSL/TLS Toolkit. https://www.openssl.org/. Accessed Apr 2017
PRESERVE: Preparing Secure Vehicle-to-X Communication Systems (PRE-SERVE). https://www.preserve-project.eu/. Accessed Nov 2016
Ramamurthy, H., Prabhu, B., Gadh, R., Madni, A.M.: Wireless industrial monitoring and control using a smart sensor platform. IEEE Sens. J. 7(5), 611–618 (2007)
Raya, M., Papadimitratos, P., Hubaux, J.: Securing vehicular communications. IEEE Wirel. Commun. 13(5), 8–15 (2006)
reddit: identifying Muslim cabbies from trip data and prayer times. https://goo. gl/vLrW1s. Accessed Apr 2017
Rogaway, P., Shrimpton, T.: Cryptographic hash-function basics: definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 371–388. Springer, Heidelberg (2004). doi:10.1007/978-3-540-25937-4 24
Shaheen, S.A., Cohen, A.P.: Car sharing and personal vehicle services: worldwide market developments and emerging trends. Int. J. Sustain. Transp. 7(1), 5–34 (2013)
Symeonidis, I., Mustafa, M.A., Preneel, B.: Keyless car sharing system: a security and privacy analysis. In: IEEE ISC2, pp. 1–7 (2016)
Guardian, T.: Hell of a ride: even a PR powerhouse couldn’t get Uber on track. https://goo.gl/UcIihE. Accessed Apr 2017
Tor: METRICS. https://metrics.torproject.org/torperf.html. Accessed Apr 2017
Tor Project: protect your privacy. Defend yourself against network surveillance and traffic analysis. https://www.torproject.org/. Accessed Apr 2017
Troncoso, C., Danezis, G., Kosta, E., Balasch, J., Preneel, B.: PriPAYD: privacy-friendly pay-as-you-drive insurance. IEEE TDSC 8(5), 742–755 (2011)
Trusted Computing Group: TPM 2.0 Library Profile for Automotive-Thin. https://goo.gl/fy3DxD. Accessed June 2016
United States Patent, Trademark Office. Applicant: Apple Inc.: accessing a vehicle using portable devices. https://goo.gl/a9pyX7. Accessed June 2017
USA TODAY: Toyota will test keyless car sharing. https://goo.gl/C9iq34. Accessed Nov 2016
Volvo: Worth a Detour. https://www.sunfleet.com/. Accessed Nov 2016
Wielinski, G., Trépanier, M., Morency, C.: Electric and hybrid car use in a free-floating carsharing system. Int. J. Sustain. Transp. 11(3), 161–169 (2017)