Gianluca Scopelliti (Ericsson & KU Leuven), Christoph Baumann (Ericsson), Fritz Alder (KU Leuven), Eddy Truyen (KU Leuven), Jan Tobias Mühlberg (Université libre de Bruxelles & KU Leuven)

In Intelligent Transport Systems, secure communication between vehicles, infrastructure, and other road users is critical to maintain road safety. This includes the revocation of cryptographic credentials of misbehaving or malicious vehicles in a timely manner. However, current standards are vague about how revocation should be handled, and recent surveys suggest severe limitations in the scalability and effectiveness of existing revocation schemes. In this paper, we present a formally verified mechanism for self-revocation of Vehicle-to-Everything (V2X) pseudonymous credentials, which relies on a trusted processing element in vehicles but does not require a trusted time source. Our scheme is compatible with ongoing standardization efforts and, leveraging the Tamarin prover, is the first to guarantee the actual revocation of credentials with a predictable upper bound on revocation time and in the presence of realistic attackers. We test our revocation mechanism in a virtual 5G-Edge deployment scenario where a large number of vehicles communicate with each other, simulating real-world conditions such as network malfunctions and delays. Results show that our scheme upholds formal guarantees in practice, while exhibiting low network overhead and good scalability.

View More Papers

Programmer's Perception of Sensitive Information in Code

Xinyao Ma, Ambarish Aniruddha Gurjar, Anesu Christopher Chaora, Tatiana R Ringenberg, L. Jean Camp (Luddy School of Informatics, Computing, and Engineering, Indiana University Bloomington)

Read More

EM Eye: Characterizing Electromagnetic Side-channel Eavesdropping on Embedded Cameras

Yan Long (University of Michigan), Qinhong Jiang (Zhejiang University), Chen Yan (Zhejiang University), Tobias Alam (University of Michigan), Xiaoyu Ji (Zhejiang University), Wenyuan Xu (Zhejiang University), Kevin Fu (Northeastern University)

Read More

Automatic Policy Synthesis and Enforcement for Protecting Untrusted Deserialization

Quan Zhang (Tsinghua University), Yiwen Xu (Tsinghua University), Zijing Yin (Tsinghua University), Chijin Zhou (Tsinghua University), Yu Jiang (Tsinghua University)

Read More