Gianluca Scopelliti (Ericsson & KU Leuven), Christoph Baumann (Ericsson), Fritz Alder (KU Leuven), Eddy Truyen (KU Leuven), Jan Tobias Mühlberg (Université libre de Bruxelles & KU Leuven)

In Intelligent Transport Systems, secure communication between vehicles, infrastructure, and other road users is critical to maintain road safety. This includes the revocation of cryptographic credentials of misbehaving or malicious vehicles in a timely manner. However, current standards are vague about how revocation should be handled, and recent surveys suggest severe limitations in the scalability and effectiveness of existing revocation schemes. In this paper, we present a formally verified mechanism for self-revocation of Vehicle-to-Everything (V2X) pseudonymous credentials, which relies on a trusted processing element in vehicles but does not require a trusted time source. Our scheme is compatible with ongoing standardization efforts and, leveraging the Tamarin prover, is the first to guarantee the actual revocation of credentials with a predictable upper bound on revocation time and in the presence of realistic attackers. We test our revocation mechanism in a virtual 5G-Edge deployment scenario where a large number of vehicles communicate with each other, simulating real-world conditions such as network malfunctions and delays. Results show that our scheme upholds formal guarantees in practice, while exhibiting low network overhead and good scalability.

View More Papers

Vision: Towards Fully Shoulder-Surfing Resistant and Usable Authentication for...

Tobias Länge (Karlsruhe Institute of Technology), Philipp Matheis (Karlsruhe Institute of Technology), Reyhan Düzgün (Ruhr University Bochum), Melanie Volkamer (Karlsruhe Institute of Technology), Peter Mayer (Karlsruhe Institute of Technology, University of Southern Denmark)

Read More

CAN-MIRGU: A Comprehensive CAN Bus Attack Dataset from Moving...

Sampath Rajapaksha, Harsha Kalutarage (Robert Gordon University, UK), Garikayi Madzudzo (Horiba Mira Ltd, UK), Andrei Petrovski (Robert Gordon University, UK), M.Omar Al-Kadri (University of Doha for Science and Technology)

Read More

SOCs lead AI adoption: Transitioning Lessons to the C-Suite

Eric Dull, Drew Walsh, Scott Riede (Deloitte and Touche)

Read More

UntrustIDE: Exploiting Weaknesses in VS Code Extensions

Elizabeth Lin (North Carolina State University), Igibek Koishybayev (North Carolina State University), Trevor Dunlap (North Carolina State University), William Enck (North Carolina State University), Alexandros Kapravelos (North Carolina State University)

Read More