Dipl.-Inf.

Roscher, Karsten

Filters
Reset filters

Settings
Now showing 1 - 9 of 9
  • Publication
    Efficient authorization authority certificate distribution in VANETs
    ( 2016)
    Bittl, Sebastian
    ;
    Roscher, Karsten
    Car-to-X communication systems are about to enter the mass market in upcoming years. Security in these networks depends on digital signatures managed by a multi-level certificate hierarchy. Thereby, certificate distribution is critical in regard to channel utilization and data reception delay via security caused packet loss. These issues are even more significant in case not only pseudonym certificates but also authorization authority certificates have to be exchanged between nodes in the VANET. Prior work has not studied distribution of the elements of a multi-levelcertificate chain in detail. Hence, this work provides an analysis of the currently standardized mechanisms and identifies several drawbacks of the straight forward solution proposed so far. Thereby, we find a severe denial of service attack on that solution. Moreover, the distribution problem is found to be similar to the packet forwarding problem encountered in position-based routing. Thus, we study several strategies for efficient distribution of a certificate chain in regard to channel lad, which are adapted from their counterparts in position-based routing. Thereby, we find that by combining pseudonym certificate buffering with requester based responder selection the requirement for certificate chain distribution in VANETs can be removed completely. Hence, the proposed design avoids the identified denial of service weakness and reduces the worst case size of the security envelope of VANET messages by more than a third.
  • Publication
    Feasibility of Verify-on-Demand in VANETs
    ( 2016)
    Bittl, Sebastian
    ;
    Roscher, Karsten
    Wireless ad hoc networks are an important topic in the automotive domain. Thereby, strict security requirements lead to high effort for verification of digital signatures used to secure message exchange. A popular approach to limit such effort is to apply verify-on-demand schemes. However, we show that verify-on-demand requires much more cross layer dependencies than identified before. Moreover, a massive denial of service weakness of this kind of verification mechanism is found. Thus, we recommend to prefer verify-all schemes over their verify-on-demand counterparts.
  • Publication
    Effective certificate distribution in ETSI ITS VANETs using implicit and explicit requests
    ( 2015)
    Bittl, Sebastian
    ;
    Aydinli, Berke
    ;
    Roscher, Karsten
    Security and privacy of current Car-to-X systems heavily depends on the usage of pseudonym certificates. These carry the required information for authenticating messages received from other vehicles. However, only a limited amount of detailed studies about certificate distribution strategies in VANETs as well as attack surfaces of such systems has been proposed. Therefore, a general study about possible distribution mechanisms and their parametrization is provided in this work. Thereby, the management of entries in request lists is identified as a key issue for system performance. Additionally, a design flaw in the currently standardized ETSI ITS distribution scheme is outlined leading to the possibility of an attacker significantly increasing channel load on the safety critical control channel. A solution to this problem is suggested and an evaluation of its performance is provided. Furthermore, the evaluation shows the great influence of request list management on authentication delay and thus on security inducted packet loss.
  • Publication
    Efficient rate-adaptive certificate distribution in VANETs
    ( 2015)
    Bittl, Sebastian
    ;
    Aydinli, Berke
    ;
    Roscher, Karsten
    Car-to-X communication systems, often called vehicular ad-hoc networks (VANETs), are in the process of entering the mass market in upcoming years. Thereby, security is a corepoint of concern due to the intended use for safety critical driver assistance systems. However, currently suggested security mechanisms introduce significant overhead into Car-to-X systems in terms of channel load and delay. Especially, the usage of on the fly distributed pseudonym certificates leads to a trade off between channel load and authentication delay, which may lead to significant packet loss. Thus, this work studies a novel concept for pseudonym certificate distribution in VANETs using rate-adaptive certificate distribution based on monitoring a vehicle's environment. Thereby, the cyclic certificate emission frequency is adapted on the fly based on cooperative awareness metrics for discrete parts of the vehicle's surrounding. The obtained mechanism is evaluated in a highway as well as an urban simulation scenario to show its suitability for a broad range of traffic conditions. Thereby, we find that it is able to significantly outperform the currently standardized approach for pseudonym certificate distribution in VANETs based on ETSI ITS standards. Thus, it should be regarded for further development of future VANETs.
  • Publication
    Adaptive decision algorithms for data aggregation in VANETs with defined channel load limits
    ( 2015)
    Jiru, Josef
    ;
    Mammu, Aboobeker Sidhik Koyamparambil
    ;
    Roscher, Karsten
    The main challenges when realizing safety related applications based on vehicle-to-x communication are scalability and reliability. With an increasing number of vehicles, the communication channel must not get congested especially if a large amount of information has to be transmitted over multiple hops to a destination. This challenge can be solved by reducing the data load through data aggregation. In this paper, we present a decentralized congestion control using the channel busy ratio (CBR) on the application layer for an adaptive control of aggregation levels in real time. Adaptive decision algorithms decide which data is aggregated in real time. Two different approaches are compared: One approach relies on two CBR thresholds (min/max) only and one that allows a higher number of CBR thresholds. In both cases, the adaptive aggregation control increases and decreases the data aggregation levels based on these thresholds. Our simulation results show that both approaches are able to adjust the aggregation levels to given channel load thresholds within seconds resulting in improved data quality even in heavy congested situations. Adaptive decision algorithms result in less error introduced by aggregation. The impact of the two aggregation level control approaches is discussed regarding channel load and resulting data precision.
  • Publication
    Security overhead and its impact in VANETs
    ( 2015)
    Bittl, Sebastian
    ;
    Roscher, Karsten
    ;
    Gonzalez, Arturo A.
    Vehicular ad hoc networks (VANETs), often called Car2X communication systems, are about to enter the mass market in upcoming years. They are intended to increase traffic safety by enabling new safety critical driver assistance systems. This also means that strong security mechanisms are required to safeguard communication within VANETs. However, standardized security mechanisms lead to significant overhead in terms of bandwidth requirement and delay. Prior work has focused on reducing the overhead by advanced strategies for pseudonym and authorization authority certificate exchange. However, we find that this is not enough to enable reliable message exchange in VANETs. Various other sources of overhead caused by security mechanisms in VANETs are identified in the provided analysis. Thereby, we find cross layer and cross message dependencies. In combination with the non-fragmentation property of VANET messages, such dependencies are discovered to lead to massive dropping of packets due to maximum size violations at low protocol layers. Thus, we develop a method for cross layer on demand content assembling for VANET messages, which can avoid the size limit violations without preventing individual layers from disseminating their variable length data sets.
  • Publication
    Distribution of pseudonym certificates via bursts for VANETs with low and medium mobility
    ( 2015)
    Bittl, Sebastian
    ;
    Aydinli, Berke
    ;
    Roscher, Karsten
    Wireless intelligent transport systems based on Car-to-X communication technology are about to enter the massmarket in upcoming years. Thereby, efficient and reliable security systems are a core point of concern in system design. Currently regarded digital signature schemes using pseudonym certificates can introduce significant overhead into the highly bandwidth restricted system. Thus, mechanisms to optimize the efficiency of the security mechanisms in regard to authentication delay and channel load are required. Prior work has focused on scenarios with high node mobility, e.g., freeways. However, bandwidth conserving mechanisms are also required for urban low and medium mobility scenarios to enable foreseen extension of the wireless network for the many other volatile road users like pedestrians. Hence, an approach for efficient pseudonym certificate distribution in urban scenarios is provided in this work. The given simulation based environment shows that it can enhance cooperative awareness while limiting used bandwidth. Thus, it can be regarded as well suitable for future urban intelligent transport systems.
  • Publication
    ezCar2X. Rapid-Prototyping of Communication Technologies and Cooperative ITS Applications on Real Targets and Inside Simulation Environments
    ( 2014)
    Roscher, Karsten
    ;
    Bittl, Sebastian
    ;
    Gonzalez, Arturo
    ;
    Myrtus, Matthias
    ;
    Jiru, Josef
    Verkehrsnetzwerke und kooperative Mobilität sind noch immer aktive Forschungsfelder. Hierzu wird unser Ansatz, den Entwurf, die Umsetzung und die Prüfung neuartiger Anwendungen und Protokolle zu erleichtern, vorgestellt: Das modulare Softwareframework ezCar2X. Kooperative ITS-Anwendungen, basierend auf Car2X Kommunikation, können in einer Simulationsumgebung sowie auf realer Hardware mit einer einzigen Implementierung evaluiert werden. In diesem Beitrag präsentieren wir die Architektur und existierenden Module des Frameworks, beschreiben dessen Integration in eine Simulationsumgebung und schließen mit einem Ausblick auf geplante Entwicklungen.