Shlomi Dolev

Authenticating vehicles on the fly
(invited talk ESORICS 2014, Wroclaw)

In recent future, vehicles will establish a spontaneous connection over a wireless radio channel, coordinating actions and information. Vehicles will exchange warning messages over the wireless radio channel through Dedicated Short Range Communication IEEE 1609 over the Wireless Access in Vehicular Environment 802.11p. Unfortunately, the wireless communication among vehicles is vulnerable to security threats that may lead to very serious safety hazards. Security infrastructure is most important in such a hazardous scope of vehicles communication for coordinating actions and avoiding accidents on the roads. Therefore, these warning messages must incorporate an authentication factor such that warning receiver is willing to accept the message and react in a timely manner. Up to now, the authentication schemes involve trusted third party during the establishment of the common private secret key, which requires extra infrastructure and, moreover is not always feasible.

Basic scheme, no hardware: We propose to certify both the public key and out-of- band sense-able static attributes to enable mutual authentication of the communicating vehicles. Vehicle owners are bound to preprocess (periodically, possibly during the annual inspection procedure) a certificate that signs monolithically both a public key and a list of fixed unchangeable attributes (e.g., license number, brand and color) of the vehicle (extending ISO 3779 and 3780 standards). With such a scheme the vehicle can verify (say by using a camera) that the public key belongs to the specific vehicle to which the connection should be established (rather than a public key of a standing by adversary).

Intermediate scheme simple laser: We further suggest a more sophisticated scheme to cope with scenario in which the adversary uses a vehicle with identical static attributes as the original vehicle. We consider the case of multiple malicious vehicles with identical visual static attributes. Apparently, dynamic attributes (e.g., location and direction) can uniquely define a vehicle and can be utilized to resolve the true identity of vehicles. However, unlike static attributes, dynamic attributes cannot be signed by a trusted authority beforehand. We propose an approach to verify the coupling between non-certified dynamic attributes and certified static attributes via an auxiliary communication channel, for example, a modulated laser beam (basing our scheme on laser technology similar to the laser used to measure speed of a car at a certain location).

Sophisticated scheme PUF: At last we propose to use optical Physically Unclonable Function (PUF) to make sure that the response is spontaneous by the receiving vehicle, rather than an answer forwarded from another vehicle, namely, using the round trip delay information and even more sophisticated preprocessing that will allow authentication without measuring the round trip delay. Vehicles utilize an out- of-band optical communication channel in order to exchange the PUF stimulated optical challenge and corresponding response from the sender and receiver, respectively.