Dipl.-Inf.

Roscher, Karsten

Filters

4
3 1
4
Reset filters

Settings
Now showing 1 - 4 of 4
  • Publication
    Feasibility of Verify-on-Demand in VANETs
    ( 2016)
    Bittl, Sebastian
    ;
    Roscher, Karsten
    Wireless ad hoc networks are an important topic in the automotive domain. Thereby, strict security requirements lead to high effort for verification of digital signatures used to secure message exchange. A popular approach to limit such effort is to apply verify-on-demand schemes. However, we show that verify-on-demand requires much more cross layer dependencies than identified before. Moreover, a massive denial of service weakness of this kind of verification mechanism is found. Thus, we recommend to prefer verify-all schemes over their verify-on-demand counterparts.
  • Publication
    Efficient authorization authority certificate distribution in VANETs
    ( 2016)
    Bittl, Sebastian
    ;
    Roscher, Karsten
    Car-to-X communication systems are about to enter the mass market in upcoming years. Security in these networks depends on digital signatures managed by a multi-level certificate hierarchy. Thereby, certificate distribution is critical in regard to channel utilization and data reception delay via security caused packet loss. These issues are even more significant in case not only pseudonym certificates but also authorization authority certificates have to be exchanged between nodes in the VANET. Prior work has not studied distribution of the elements of a multi-levelcertificate chain in detail. Hence, this work provides an analysis of the currently standardized mechanisms and identifies several drawbacks of the straight forward solution proposed so far. Thereby, we find a severe denial of service attack on that solution. Moreover, the distribution problem is found to be similar to the packet forwarding problem encountered in position-based routing. Thus, we study several strategies for efficient distribution of a certificate chain in regard to channel lad, which are adapted from their counterparts in position-based routing. Thereby, we find that by combining pseudonym certificate buffering with requester based responder selection the requirement for certificate chain distribution in VANETs can be removed completely. Hence, the proposed design avoids the identified denial of service weakness and reduces the worst case size of the security envelope of VANET messages by more than a third.
  • Publication
    Efficient rate-adaptive certificate distribution in VANETs
    ( 2015)
    Bittl, Sebastian
    ;
    Aydinli, Berke
    ;
    Roscher, Karsten
    Car-to-X communication systems, often called vehicular ad-hoc networks (VANETs), are in the process of entering the mass market in upcoming years. Thereby, security is a corepoint of concern due to the intended use for safety critical driver assistance systems. However, currently suggested security mechanisms introduce significant overhead into Car-to-X systems in terms of channel load and delay. Especially, the usage of on the fly distributed pseudonym certificates leads to a trade off between channel load and authentication delay, which may lead to significant packet loss. Thus, this work studies a novel concept for pseudonym certificate distribution in VANETs using rate-adaptive certificate distribution based on monitoring a vehicle's environment. Thereby, the cyclic certificate emission frequency is adapted on the fly based on cooperative awareness metrics for discrete parts of the vehicle's surrounding. The obtained mechanism is evaluated in a highway as well as an urban simulation scenario to show its suitability for a broad range of traffic conditions. Thereby, we find that it is able to significantly outperform the currently standardized approach for pseudonym certificate distribution in VANETs based on ETSI ITS standards. Thus, it should be regarded for further development of future VANETs.
  • Publication
    Simulationsbasierte Evaluierung eines zeit- und ortsbasierten Pseudonym-Wechsel-Verfahrens für ETSI ITS
    ( 2015)
    Bittl, Sebastian
    ;
    Schlegel, Marius
    ;
    Roscher, Karsten
    Die Einführung drahtloser Car-to-X-Kommunikation eröffnet zahlreiche Möglichkeiten für die Realisierung zukünftiger Fahrerassistenzsysteme. Aufgrund einer Vielzahl an verkehrssicherheitskritischen Anwendungsfällen werden in bisherigen Standards zur Wahrung von Authentizität, Integrität und Verbindlichkeit digitale Zertifikate und digital signierte Nachrichten verwendet. Um die Privatsphäre der Fahrzeugnutzer zu gewährleisten, setzt das bisher standardisierte Konzept auf ein unkoordiniertes Austauschen der Teilnehmeridentitäten bzw. ihrer Zertifikate. Da zahlreiche Schwächen in diesem Konzept identifiziert wurden, führen fortgeschrittene Ansätze zeitlich synchronisierte Identitätswechsel aus. Diese erfordern jedoch im Regelfall zusätzlichen Kommunikationsaufwand und limitieren die Erfolgsrate des Angreifers nur eingeschränkt. In dieser Arbeit wird daher ein zeit- und ortsabhängiges Verfahren vorgestellt, mit dem der erzielbare Lernfortschritt beim Tracking durch einen Angreifer minimiert wird, ohne eine zusätzliche Kommunikation der Teilnehmer untereinander zu erfordern. Die simulationsbasierte Evaluierung bestätigt die gute Verwendbarkeit des Ansatzes.