Dipl.-Inf.

Roscher, Karsten

Filters

9 3
Reset filters

Settings
Now showing 1 - 10 of 12
  • Publication
    Protocol modeling accuracy in VANET simulators
    ( 2017)
    Bittl, Sebastian
    ;
    Roscher, Karsten
    Vehicular ad hoc networks are about to enter the mass market in upcoming years. High effort for real world field tests leads to high dependency of development and evaluation of such networks on simulations. We compare supported features of common simulation frameworks with current standards and study the performance impact of incomplete standard conformance. We find that a lack of support for data encoding schemes and security functionality may massively affect simulation results. Our findings apply to many well-known simulation frameworks. Proposals to overcome identified weaknesses are provided.
  • Publication
    Efficient distribution of certificate chains in VANETs
    ( 2017)
    Bittl, Sebastian
    ;
    Roscher, Karsten
    Wireless car-to-X communication technology is about to enter the mass market within the next years. Thereby, security in created vehicular ad-hoc networks depends on digital signatures managed by a multi-level certificate hierarchy. Certificate distribution is critical in regard to channel usage and delay of data reception via security caused packet loss. These issues are even more significant in case not only pseudonym certificates, but also certificate authority certificates, have to be exchanged between nodes on demand. Prior work has not treated dissemination of higher level elements from a multi-level certificate chain in detail. Thus, this work provides a study on the recently standardized algorithms. Several drawbacks of the straight forward solution taken so far are identified, which include severe denial of service weaknesses. Solutions to the distribution problem are found to be similar to the ones of the packet forwarding problem encountered in position-based routing. Hence, we study several algorithms for efficient distribution of a certificate chain in regard to channel load, which are adapted from their counterparts in position-based routing. Thereby, a combination of pseudonym certificate buffering with requester based responder selection is found to be able to completely remove the requirement for certificate chain distribution in VANETs. The introduced design avoids the found denial of service weakness, while decreasing the worst case size of the security envelope of VANET messages by more than a third at the same time.
  • Publication
    Mutual influence of certificate distribution and pseudonym change strategies in vehicular ad-hoc networks
    ( 2017)
    Bittl, Sebastian
    ;
    Roscher, Karsten
    Vehicular ad-hoc networks (VANETs) are subject to high interest from both the automotive industry as well as government bodies owing to their prospect of increasing safety of driving. Wireless data exchange within VANETs requires rigid security mechanisms to enable its usage in safety critical driver assistance systems. Requirements include not only authenticity and integrity of messages, but also privacy of drivers. We find that much research has been conducted on certificate dissemination and on privacy enhancing certificate (i.e., pseudonym) change. However, mutual influence of techniques from both domains has not been studied in prior work. Hence, we provide an analysis of such cross influence. We show that certificate change massively increases channel load under currently standardised certificate distribution mechanisms. Thus, we propose to use explicit signalling of certificate changes among nodes to limit the found overhead. The conducted evaluation shows that this approach overcomes the identified problems.
  • Publication
    Feasibility of Verify-on-Demand in VANETs
    ( 2016)
    Bittl, Sebastian
    ;
    Roscher, Karsten
    Wireless ad hoc networks are an important topic in the automotive domain. Thereby, strict security requirements lead to high effort for verification of digital signatures used to secure message exchange. A popular approach to limit such effort is to apply verify-on-demand schemes. However, we show that verify-on-demand requires much more cross layer dependencies than identified before. Moreover, a massive denial of service weakness of this kind of verification mechanism is found. Thus, we recommend to prefer verify-all schemes over their verify-on-demand counterparts.
  • Publication
    Efficient authorization authority certificate distribution in VANETs
    ( 2016)
    Bittl, Sebastian
    ;
    Roscher, Karsten
    Car-to-X communication systems are about to enter the mass market in upcoming years. Security in these networks depends on digital signatures managed by a multi-level certificate hierarchy. Thereby, certificate distribution is critical in regard to channel utilization and data reception delay via security caused packet loss. These issues are even more significant in case not only pseudonym certificates but also authorization authority certificates have to be exchanged between nodes in the VANET. Prior work has not studied distribution of the elements of a multi-levelcertificate chain in detail. Hence, this work provides an analysis of the currently standardized mechanisms and identifies several drawbacks of the straight forward solution proposed so far. Thereby, we find a severe denial of service attack on that solution. Moreover, the distribution problem is found to be similar to the packet forwarding problem encountered in position-based routing. Thus, we study several strategies for efficient distribution of a certificate chain in regard to channel lad, which are adapted from their counterparts in position-based routing. Thereby, we find that by combining pseudonym certificate buffering with requester based responder selection the requirement for certificate chain distribution in VANETs can be removed completely. Hence, the proposed design avoids the identified denial of service weakness and reduces the worst case size of the security envelope of VANET messages by more than a third.
  • Publication
    Simulationsbasierte Evaluierung eines zeit- und ortsbasierten Pseudonym-Wechsel-Verfahrens für ETSI ITS
    ( 2015)
    Bittl, Sebastian
    ;
    Schlegel, Marius
    ;
    Roscher, Karsten
    Die Einführung drahtloser Car-to-X-Kommunikation eröffnet zahlreiche Möglichkeiten für die Realisierung zukünftiger Fahrerassistenzsysteme. Aufgrund einer Vielzahl an verkehrssicherheitskritischen Anwendungsfällen werden in bisherigen Standards zur Wahrung von Authentizität, Integrität und Verbindlichkeit digitale Zertifikate und digital signierte Nachrichten verwendet. Um die Privatsphäre der Fahrzeugnutzer zu gewährleisten, setzt das bisher standardisierte Konzept auf ein unkoordiniertes Austauschen der Teilnehmeridentitäten bzw. ihrer Zertifikate. Da zahlreiche Schwächen in diesem Konzept identifiziert wurden, führen fortgeschrittene Ansätze zeitlich synchronisierte Identitätswechsel aus. Diese erfordern jedoch im Regelfall zusätzlichen Kommunikationsaufwand und limitieren die Erfolgsrate des Angreifers nur eingeschränkt. In dieser Arbeit wird daher ein zeit- und ortsabhängiges Verfahren vorgestellt, mit dem der erzielbare Lernfortschritt beim Tracking durch einen Angreifer minimiert wird, ohne eine zusätzliche Kommunikation der Teilnehmer untereinander zu erfordern. Die simulationsbasierte Evaluierung bestätigt die gute Verwendbarkeit des Ansatzes.
  • Publication
    Efficient rate-adaptive certificate distribution in VANETs
    ( 2015)
    Bittl, Sebastian
    ;
    Aydinli, Berke
    ;
    Roscher, Karsten
    Car-to-X communication systems, often called vehicular ad-hoc networks (VANETs), are in the process of entering the mass market in upcoming years. Thereby, security is a corepoint of concern due to the intended use for safety critical driver assistance systems. However, currently suggested security mechanisms introduce significant overhead into Car-to-X systems in terms of channel load and delay. Especially, the usage of on the fly distributed pseudonym certificates leads to a trade off between channel load and authentication delay, which may lead to significant packet loss. Thus, this work studies a novel concept for pseudonym certificate distribution in VANETs using rate-adaptive certificate distribution based on monitoring a vehicle's environment. Thereby, the cyclic certificate emission frequency is adapted on the fly based on cooperative awareness metrics for discrete parts of the vehicle's surrounding. The obtained mechanism is evaluated in a highway as well as an urban simulation scenario to show its suitability for a broad range of traffic conditions. Thereby, we find that it is able to significantly outperform the currently standardized approach for pseudonym certificate distribution in VANETs based on ETSI ITS standards. Thus, it should be regarded for further development of future VANETs.
  • Publication
    Distribution of pseudonym certificates via bursts for VANETs with low and medium mobility
    ( 2015)
    Bittl, Sebastian
    ;
    Aydinli, Berke
    ;
    Roscher, Karsten
    Wireless intelligent transport systems based on Car-to-X communication technology are about to enter the massmarket in upcoming years. Thereby, efficient and reliable security systems are a core point of concern in system design. Currently regarded digital signature schemes using pseudonym certificates can introduce significant overhead into the highly bandwidth restricted system. Thus, mechanisms to optimize the efficiency of the security mechanisms in regard to authentication delay and channel load are required. Prior work has focused on scenarios with high node mobility, e.g., freeways. However, bandwidth conserving mechanisms are also required for urban low and medium mobility scenarios to enable foreseen extension of the wireless network for the many other volatile road users like pedestrians. Hence, an approach for efficient pseudonym certificate distribution in urban scenarios is provided in this work. The given simulation based environment shows that it can enhance cooperative awareness while limiting used bandwidth. Thus, it can be regarded as well suitable for future urban intelligent transport systems.
  • Publication
    Effective certificate distribution in ETSI ITS VANETs using implicit and explicit requests
    ( 2015)
    Bittl, Sebastian
    ;
    Aydinli, Berke
    ;
    Roscher, Karsten
    Security and privacy of current Car-to-X systems heavily depends on the usage of pseudonym certificates. These carry the required information for authenticating messages received from other vehicles. However, only a limited amount of detailed studies about certificate distribution strategies in VANETs as well as attack surfaces of such systems has been proposed. Therefore, a general study about possible distribution mechanisms and their parametrization is provided in this work. Thereby, the management of entries in request lists is identified as a key issue for system performance. Additionally, a design flaw in the currently standardized ETSI ITS distribution scheme is outlined leading to the possibility of an attacker significantly increasing channel load on the safety critical control channel. A solution to this problem is suggested and an evaluation of its performance is provided. Furthermore, the evaluation shows the great influence of request list management on authentication delay and thus on security inducted packet loss.
  • Publication
    Security overhead and its impact in VANETs
    ( 2015)
    Bittl, Sebastian
    ;
    Roscher, Karsten
    ;
    Gonzalez, Arturo A.
    Vehicular ad hoc networks (VANETs), often called Car2X communication systems, are about to enter the mass market in upcoming years. They are intended to increase traffic safety by enabling new safety critical driver assistance systems. This also means that strong security mechanisms are required to safeguard communication within VANETs. However, standardized security mechanisms lead to significant overhead in terms of bandwidth requirement and delay. Prior work has focused on reducing the overhead by advanced strategies for pseudonym and authorization authority certificate exchange. However, we find that this is not enough to enable reliable message exchange in VANETs. Various other sources of overhead caused by security mechanisms in VANETs are identified in the provided analysis. Thereby, we find cross layer and cross message dependencies. In combination with the non-fragmentation property of VANET messages, such dependencies are discovered to lead to massive dropping of packets due to maximum size violations at low protocol layers. Thus, we develop a method for cross layer on demand content assembling for VANET messages, which can avoid the size limit violations without preventing individual layers from disseminating their variable length data sets.