Thesis

More documents

Recommendations

Info

1. INTRODUCTION In the remainder part of this chapter, the three wireless networks I worked with within this dissertation are introduced. 1.1 Introduction to RFID systems The following description of RFID systems and its security and privacy problems is based on [Juels, 2006; Langheinrich, 2009; Peris-Lopez et al., 2006]. The interested reader can get a broader view and deeper understanding on RFID systems by reading the cited papers instead of only relying on this short introduction. RFID (Radio-Frequency IDentification) is a technology for automated identification of objects or people. An RFID system consist of simple Tags, Readers, and Backend servers. The tags carry unique identifiers. These unique identifiers are read by nearby Readers by radio communication. The Readers send the obtained identifiers to Backend Servers. The goal of an RFID system is the unique identification of the holders of the Tags. Example applications of RFID systems include smart appliances, shopping, interactive objects, or medication compliance. This list can be expanded to hundreds of scenarios [Wu et al., 2009; RFID, 2012]. The main threats to privacy in RFID systems are tracking and inventorying. A tracking attacker can eavesdrop message exchanges in different parts of the network. If the system is not defended against such attacks, the attacker can link different message exchanges of the same user, hence can track the user. This is a very important concern in RFID systems, that is why this problem is discussed in Chapter 2 (the problem of tracking is actually not unique to RFID systems, and I will study it in a different context in Chapter 3, namely in vehicular networks). Inventorying is a specific attack against RFID systems. It relies on the assumption that in the near future, most of our objects will be tagged with distant readable RFID tags. An attacker carrying out an inventorying attack can get know exactly what a user wears, has in her pockets or bag without the consent of the user. In Chapter 2, two private authentication methods are given, which make it difficult for an attacker to carry out tracking and inventorying attacks. Another important field of security problems regarding RFID is the authenticity of the tags. In short, the privacy problem is related to malicious readers, while the authenticity problem is related to malicious tags. The main problem is that illegitimate tags can be counterfeited to obtain the same rights as the legitimate tag holds. In the following, I will assume the presence of malicious readers, but no malicious tags is considered. When considering the RFID tags capabilities, the tags on the market can be classified into two main categories: basic tags with no real cryptographic capabilities and advanced tags with some symmetric key cryptography capabilities. Basic tags Basic RFID tags lack the resources to perform true cryptographic operations. The lack of cryptography in basic RFID tags is a big impediment to security design; cryptography, after all, is the main building block of data security. The main approaches to provide privacy to basic tags are the following: killing, sleeping, renaming, proxying, distance measurement, blocking, and legislation. Killing and sleeping are very similar approaches. The basic idea is that an authenticated command can reversibly or permanently switch off the tag. Another approach is to divide the identifier space into two separate parts by a modifiable privacy bit [Juels et al., 2003; Juels and Brainard, 2004]. The two parts are the private and the public parts. A blocker device can make the scanning of private tags infeasible, and the tags can be moved between the public and private zone on demand. Another device based solution is the proxying, where the holder of the tag can use some equipments (like a mobile phone)to enforce privacy [Floerkemeier et al., 2005; Juels et al., 2006; Rieback et al., 2005]. 2
1.2. Introduction to Vehicular Ad Hoc Networks The tracking problem is based on the fact, that tags use static identifiers. Some proposals suggest to rename the tags by readers [Instruments, 2005], or the tag itself can rotate pseudonyms [Juels, 2005a] to make tracking harder. In distance measurement the tags can roughly measure their distance to the reader by measuring the signal-to-noise ratio of the channel [Fishkin et al., 2005]. This can be used to avoid distant aggressive scanning. A non technical approach is legislation: There are some efforts to regulate the usage of RFID tags from the privacy point of view [Kelly and Erickson, 2005], but these efforts are far from efficient completion. Ultimately, this approach may be more effective and cost efficient than any other (e.g. from an economic aspect, it is not worth to track if the tracker can go to jail by doing so). The authentication of basic tags is as hard as providing privacy to them. There are some work [Juels, 2005b], how the kill PIN can be used to authenticate the tags. Advanced tags Advanced tags are capable of simple symmetric key operations. However weak cryptographic algorithms are targets of successfull attacks [Bono et al., 2005]. Another attack type against cryptographically enabled tags are the man-in-the-middle attacks. In a MiM attack the attacker is relaying messages between the tag and the reader and by doing so, he can modify, delete, and inject messages in their communication. This can also be done if the tag and the reader are not in vicinity [Hancke, 2005; Kfir and Wool, 2005]. The privacy of advanced tags is deeply analyzed in Chapter 2. In short, the problem is that the tag is not allowed to send its identifier in order to avoid tracking, therefore the reader needs a lot of trials to find the right decryption key. The computational burden on the reader can be partly alleviated with key-trees [Molnar and Wagner, 2004], synchronization [Ohkubo et al., 2004], or time-memory tradeoffs [Avoine et al., 2005; Avoine and Oechslin, 2005]. However, all known mitigation techniques lead to degradation of privacy or efficiency. The degradation of privacy is analyzed in Chapter 2, where efficient solutions are also proposed. 1.2 Introduction to Vehicular Ad Hoc Networks The following description of Vehicular Ad Hoc Networks and their security and privacy properties is based on [Raya and Hubaux, 2005; Raya and Hubaux, 2007; Lin et al., 2008; Blum et al., 2004b; Dötzer, 2006]. The interested reader can get a broader view and deeper understanding on VANETs by reading the cited papers instead of only relying on this short introduction. The main motivation to use VANETs is to enhance traffic safety, traffic efficiency, give assistance to drivers, and the possibility of infotainment applications. A VANET consist of vehicles equipped with On Board Units (OBUs) and wireless communication equipment, Road Side Units (RSUs), and backend infrastructure. The vehicles exchange messages regularly with each other and with the infrastructure using wireless communication to achieve the main goals such as safer roads. The main vulnerabilities in VANETs come from the wireless nature of the communication, and the sensitive information, such as location of users, used by the network. One major vulnerability comes from the the wireless nature of the system: the communication can be jammed easily, the messages can be forged. Another problem related to the wireless communication is that while the nodes are relaying messages, they can modify them. This is called In-Transit Traffic Tampering. Another kind of problem, that the vehicles can impersonate other vehicles with higher privileges such as emergency vehicles to gain extra privileges. The most relevant problem to this dissertation is that the privacy of the drivers of the vehicles can be violated. This vulnerability is analyzed in Chapter 3. In general an attacker can achieve her goals by tampering the OBU, an RSU, sensor readings, or the wireless channel. Traditional mechanisms cannot deal with the vulnerabilities discussed above because of the new challenges in VANETs. Such challenge is the high network volatility caused by the highly mobile very large scale network. Another challenge is that the network must offer liability and 3
Page 1: Budapest University of Technology a
Page 5 and 6: Abstract Wireless networks are used
Page 7 and 8: Kivonat Vezeték nélküli hálóza
Page 9: Acknowledgement First of all, I wou
Page 12 and 13: CONTENTS 4 Anonymous Aggregator Ele
Page 15: List of Tables 2.1 Illustration of
Page 19: Chapter 1 Introduction In this diss
Page 23 and 24: 1.3. Introduction to Wireless Senso
Page 25: 1.3. Introduction to Wireless Senso
Page 28 and 29: 2. PRIVATE AUTHENTICATION Some year
Page 30 and 31: 2. PRIVATE AUTHENTICATION anonymity
Page 32 and 33: 2. PRIVATE AUTHENTICATION Obviously
Page 34 and 35: 2. PRIVATE AUTHENTICATION In order
Page 36 and 37: 2. PRIVATE AUTHENTICATION Proof. By
Page 38 and 39: 2. PRIVATE AUTHENTICATION 2.4 Analy
Page 40 and 41: 2. PRIVATE AUTHENTICATION For each
Page 42 and 43: 2. PRIVATE AUTHENTICATION Reader R
Page 44 and 45: 2. PRIVATE AUTHENTICATION P ( ( N
Page 46 and 47: 2. PRIVATE AUTHENTICATION Avoine et
Page 48 and 49: 3. LOCATION PRIVACY IN VANETS pseud
Page 50 and 51: 3. LOCATION PRIVACY IN VANETS Since
Page 52 and 53: 3. LOCATION PRIVACY IN VANETS This
Page 54 and 55: 3. LOCATION PRIVACY IN VANETS reach
Page 56 and 57: 3. LOCATION PRIVACY IN VANETS N5.1
Page 58 and 59: 3. LOCATION PRIVACY IN VANETS Succe
Page 60 and 61: 3. LOCATION PRIVACY IN VANETS Figur
Page 62 and 63: 3. LOCATION PRIVACY IN VANETS 3.7.2
Page 64 and 65: 3. LOCATION PRIVACY IN VANETS map,
Page 67 and 68: Chapter 4 Anonymous Aggregator Elec
Page 69 and 70: 4.2. System and attacker models res
Page 71 and 72:
4.3. Basic protocol The main differ
Page 73 and 74:
Table 4.1: Estimated time of the bu
Page 75 and 76:
Probability of being cluster aggreg
Page 77 and 78:
− n∑ i=1 H = − n+1 ∑ 4.3. B
Page 79 and 80:
4.4. Advanced protocol Table 4.3: S
Page 81 and 82:
100 90 80 70 60 50 40 30 20 10 0 0
Page 83 and 84:
4.4. Advanced protocol If we consid
Page 85 and 86:
4.4.4 Query 4.4. Advanced protocol
Page 87 and 88:
L N D B NM < L N (4.5) A (4.7) (4.6
Page 89 and 90:
R ′ = R− N i=1 h(Q|ki) ÆÓ Å
Page 91:
4.7. Related publications systems w
Page 94 and 95:
5. APPLICATION OF NEW RESULTS an ap
Page 96 and 97:
6. CONCLUSION on this knowledge, sh
Page 99:
List of Acronyms CA Cluster Aggrega
Page 102 and 103:
LIST OF PUBLICATIONS [Holczer and B
Page 104 and 105:
BIBLIOGRAPHY [Beye and Veugen, 2011
Page 106 and 107:
BIBLIOGRAPHY [El Zarki et al., 2002
Page 108 and 109:
BIBLIOGRAPHY [Juels, 2005b] A. Juel
Page 110 and 111:
BIBLIOGRAPHY [Oliveira et al., 2008
Page 112:
BIBLIOGRAPHY [Wiedersheim et al., 2
show all

Thesis

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?