Thesis

More documents

Recommendations

Info

2. PRIVATE AUTHENTICATION Avoine et al. analyze the effects of compromised members on privacy in the key-tree based approach [Avoine et al., 2005]. They study the case of a single compromised member, as well as the general case of any compromised members. However, their analysis is not based on the notion of anonymity sets. In their model, the adversary is first allowed to compromise some members, then it chooses a target member that it wants to trace, and it is allowed to interact with the chosen member. Later, the adversary is given two members such that one of them is the target member chosen by the adversary. The adversary can interact with the given members, and it must decide which one is its target. The level of privacy provided by the system is quantified by the success probability of the adversary. Beye and Veugen goes a little further and analyze, what happens if the attacker has access to side channel information, and adapts the attack dynamically [Beye and Veugen, 2012]. They analyze the case of key trees described in this chapter as well and generalize the problem by setting only a minimum on N in [Beye and Veugen, 2011]. 2.9 Conclusion Key-trees provide an efficient solution for private authentication in the symmetric key setting. However, the level of privacy provided by key-tree based systems decreases considerably if some members are compromised. This loss of privacy can be minimized by the careful design of the tree. Based on the results presented in this chapter, we can conclude that a good practical design principle is to maximize the branching factor at the first level of the tree such that the resulting tree still respects the constraint on the maximum authentication delay in the system. Once the branching factor at the first level is maximized, the tree can be further optimized by maximizing the branching factors at the successive levels, but the improvement achieved in this way is not really significant; what really counts is the branching factor at the first level. In the second part of this chapter, I proposed a novel group based private authentication scheme. I analyzed the proposed scheme and quantified the level of privacy that it provides. I compared the group based scheme to the key-tree based scheme originally proposed by Molnar and Wagner, and later optimized by me in the first half of this chapter. I showed that the group based scheme provides a higher level of privacy than the key-tree based scheme. In addition, the complexity of the group based scheme for the verifier can be set to be the same as in the key-tree based scheme, while the complexity for the prover is always smaller in the latter scheme. The primary application area of the schemes are that of RFID systems, but it can also be used in applications with similar characteristics (e.g., in wireless sensor networks). 2.10 Related publications [Buttyan et al., 2006a] Levente Buttyan, Tamas Holczer, and Istvan Vajda. Optimal key-trees for tree-based private authentication. In Proceedings of the International Workshop on Privacy Enhancing Technologies (PET), June 2006. Springer. [Buttyan et al., 2006b] Levente Buttyan, Tamas Holczer, and Istvan Vajda. Providing location privacy in automated fare collection systems. In Proceedings of the 15th IST Mobile and Wireless Communication Summit, Mykonos, Greece, June 2006. [Avoine et al., 2007] Gildas Avoine, Levente Buttyan, Tamas Holczer, and Istvan Vajda. Groupbased private authentication. In Proceedings of the International Workshop on Trust, Security, and Privacy for Ubiquitous Computing (TSPUC 2007). IEEE, 2007. 28
Chapter 3 Location Privacy in Vehicular Ad Hoc Networks 3.1 Introduction In this chapter, I investigate what level of privacy a driver can achieve in Vehicular Ad Hoc Networks (VANET). More specifically, in the first half of this chapter, I investigate how can a local eavesdropping attacker trace the vehicles based on their frequently sent status information. In the second half of this chapter (from Section 3.4), I go a little further in terms of strength of attacker, and check what can a global eavesdropping attacker do. After realizing its broad capabilities, I suggest an algorithm, which can greatly reduce the attackers success rate. Recently, initiatives to create safer and more efficient driving conditions have begun to draw strong support in Europe [COM], in the US [VSC], and in Japan [ASV]. Vehicular communications will play a central role in this effort, enabling a variety of applications for safety, traffic efficiency, driver assistance, and entertainment. However, besides the expected benefits, vehicular communications also have some potential drawbacks. In particular, many envisioned safety related applications require that the vehicles continuously broadcast their current position and speed in so called heart beat messages. This allows the vehicles to predict the movement of other nearby vehicles and to warn the drivers if a hazardous situation is about to occur. While this can certainly be advantageous, an undesirable side effect is that it makes it easier to track the physical location of the vehicles just by eavesdropping these heart beat messages. One approach to solve this problem is that the vehicles broadcast their messages under pseudonyms that they change with some frequency [Raya and Hubaux, 2005]. The change of a pseudonym means that the vehicle changes all of its physical and logical addresses at the same time. Indeed, in most of the applications, the important thing is to let other vehicles know that there is a vehicle at a given position moving with a given speed, but it is not really important which particular vehicle it is. Thus, using pseudonyms is just as good as using real identifiers as far as the functionality of the applications is concerned. Obviously, these pseudonyms must be generated in such a way that a new pseudonym cannot be directly linked to previously used pseudonyms of the same vehicle. Unfortunately, only changing pseudonyms is largely ineffective against a global eavesdropper that can hear all communications in the network. Such an adversary can predict the movement of the vehicles based on the position and speed information in the heart beat messages, and use this prediction to link different pseudonyms of the same vehicle together with high probability. For instance, if at time t, a given vehicle is at position ⃗p and moves with speed ⃗v, then after some short time τ, this vehicle will most probably be at position ⃗p + τ · ⃗v. Therefore, the adversary will know that the vehicle that reports itself at (or near to) position ⃗p + τ ·⃗v at time t + τ is the same vehicle as the one that reported itself at position ⃗p at time t, even if in the meantime, the vehicle changed 29
Page 1: Budapest University of Technology a
Page 5 and 6: Abstract Wireless networks are used
Page 7 and 8: Kivonat Vezeték nélküli hálóza
Page 9: Acknowledgement First of all, I wou
Page 12 and 13: CONTENTS 4 Anonymous Aggregator Ele
Page 15: List of Tables 2.1 Illustration of
Page 19 and 20: Chapter 1 Introduction In this diss
Page 21 and 22: 1.2. Introduction to Vehicular Ad H
Page 23 and 24: 1.3. Introduction to Wireless Senso
Page 25: 1.3. Introduction to Wireless Senso
Page 28 and 29: 2. PRIVATE AUTHENTICATION Some year
Page 30 and 31: 2. PRIVATE AUTHENTICATION anonymity
Page 32 and 33: 2. PRIVATE AUTHENTICATION Obviously
Page 34 and 35: 2. PRIVATE AUTHENTICATION In order
Page 36 and 37: 2. PRIVATE AUTHENTICATION Proof. By
Page 38 and 39: 2. PRIVATE AUTHENTICATION 2.4 Analy
Page 40 and 41: 2. PRIVATE AUTHENTICATION For each
Page 42 and 43: 2. PRIVATE AUTHENTICATION Reader R
Page 44 and 45: 2. PRIVATE AUTHENTICATION P ( ( N
Page 48 and 49: 3. LOCATION PRIVACY IN VANETS pseud
Page 50 and 51: 3. LOCATION PRIVACY IN VANETS Since
Page 52 and 53: 3. LOCATION PRIVACY IN VANETS This
Page 54 and 55: 3. LOCATION PRIVACY IN VANETS reach
Page 56 and 57: 3. LOCATION PRIVACY IN VANETS N5.1
Page 58 and 59: 3. LOCATION PRIVACY IN VANETS Succe
Page 60 and 61: 3. LOCATION PRIVACY IN VANETS Figur
Page 62 and 63: 3. LOCATION PRIVACY IN VANETS 3.7.2
Page 64 and 65: 3. LOCATION PRIVACY IN VANETS map,
Page 67 and 68: Chapter 4 Anonymous Aggregator Elec
Page 69 and 70: 4.2. System and attacker models res
Page 71 and 72: 4.3. Basic protocol The main differ
Page 73 and 74: Table 4.1: Estimated time of the bu
Page 75 and 76: Probability of being cluster aggreg
Page 77 and 78: − n∑ i=1 H = − n+1 ∑ 4.3. B
Page 79 and 80: 4.4. Advanced protocol Table 4.3: S
Page 81 and 82: 100 90 80 70 60 50 40 30 20 10 0 0
Page 83 and 84: 4.4. Advanced protocol If we consid
Page 85 and 86: 4.4.4 Query 4.4. Advanced protocol
Page 87 and 88: L N D B NM < L N (4.5) A (4.7) (4.6
Page 89 and 90: R ′ = R− N i=1 h(Q|ki) ÆÓ Å
Page 91: 4.7. Related publications systems w
Page 94 and 95: 5. APPLICATION OF NEW RESULTS an ap
Page 96 and 97:
6. CONCLUSION on this knowledge, sh
Page 99:
List of Acronyms CA Cluster Aggrega
Page 102 and 103:
LIST OF PUBLICATIONS [Holczer and B
Page 104 and 105:
BIBLIOGRAPHY [Beye and Veugen, 2011
Page 106 and 107:
BIBLIOGRAPHY [El Zarki et al., 2002
Page 108 and 109:
BIBLIOGRAPHY [Juels, 2005b] A. Juel
Page 110 and 111:
BIBLIOGRAPHY [Oliveira et al., 2008
Page 112:
BIBLIOGRAPHY [Wiedersheim et al., 2
show all

Thesis

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?