1609.2: VIIC POC Report
William Whyte, NTRU

Overview
• Secured Messages
• Secured WSMs
• Secured WSAs
• Certificate Management
• Anonymity
• V-HIP / V-DTLS

VII POC Security Team
• NTRU, Security Libraries
• Telcordia, Certificate Management / V-DTLS
• Technocom, Crypto Hardware Accelerator / V-HIP
• Escrypt, Crypto Hardware IP Core
• Scott Andrews
• A cast of thousands

Secured Messages
• Implementation in general followed 1609.2
• Implemented modification of 1609.2 that uses PSID rather than ACID / ACM
• Modification to EncryptedMessage – moved EncryptedContentType inside the block that gets encrypted (to support cert management)

Secured WSMs
• Encapsulated SecuredMessage within WSM rather than using SecuredWSM
• Architecture was simpler – WSMs are constructed by radio but keys are owned by application
• In light of move from ACID/ACM to PSID, bandwidth savings from SecuredWSM were minimal
• TBD if this should be propagated back into standard

Secured WSAs
• Implemented without message format changes

Certificate Management
• Greatly expanded – thanks to Telcordia
• Cert requests are encrypted
• Cert responses are encrypted (improved support for anonymity)
• Added Cert Request Error message
• Added CRL Request message
• WW intends to submit comment recommending that 1609.2 incorporates these changes

Anonymous Certs
• Implemented “combinatorial” method
• Pool of N (~ 10,000) certs
• Each vehicle has n (~ 5) from that pool
• Change cert periodically
• On misbehaviour, a cert is revoked; all OBEs with that cert apply for a new cert
• Large numbers of applications for new cert: called in for extra processing
• Detailed analysis performed by Telcordia
• Need to review requirements / linking with MAC anonymity / synchronization with European approach

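The revocation behaviour of the combinatorial method above, as an added simulation that is not part of the slides or of the POC code. The fleet size, the number of misbehaviour events, uniform re-issue of replacement certs and the flagging threshold are assumptions chosen for illustration; N and n are the slide's approximate values.

```python
import random
from collections import Counter

def simulate(pool_size=10_000, per_vehicle=5, fleet=20_000, bad_events=4, seed=1):
    """Constructed model: every OBE holds per_vehicle certs from one shared pool.

    Vehicle 0 misbehaves bad_events times; each time the cert it used is
    revoked and every OBE holding that cert applies for a replacement.
    Returns (rekey requests per OBE, misbehaving OBE id, holders per revoked cert).
    """
    rng = random.Random(seed)
    live = set(range(pool_size))                       # unrevoked cert ids
    held = [set(rng.sample(range(pool_size), per_vehicle)) for _ in range(fleet)]
    holders = {}                                       # cert id -> OBEs holding it
    for v, certs in enumerate(held):
        for c in certs:
            holders.setdefault(c, set()).add(v)
    requests, bad, collateral = Counter(), 0, []
    for _ in range(bad_events):
        cert = rng.choice(sorted(held[bad]))           # cert on the bad message
        live.discard(cert)                             # revoked
        affected = holders.pop(cert)
        collateral.append(len(affected))
        for v in sorted(affected):                     # everyone sharing it re-applies
            held[v].discard(cert)
            new = rng.choice(sorted(live - held[v]))   # assumed uniform re-issue
            held[v].add(new)
            holders.setdefault(new, set()).add(v)
            requests[v] += 1
    return requests, bad, collateral

def flagged(requests, threshold=3):
    """OBEs whose number of new-cert applications reaches the assumed threshold."""
    return sorted(v for v, n in requests.items() if n >= threshold)

if __name__ == "__main__":
    requests, bad, collateral = simulate()
    print("expected holders per cert:", 20_000 * 5 / 10_000)
    print("holders of each revoked cert:", collateral)
    print("flagged for extra processing:", flagged(requests))
```

Each revocation forces every OBE sharing that cert to re-apply, so the collateral figures show the cost borne by well-behaved vehicles, while the repeated applications are what single out the misbehaving one.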
V-DTLS, V-HIP
• Not currently in 1609.2
• V-HIP supports secure mobile access (prolonged comm session with remote server)
• V-DTLS supports secure sessions between User and local Provider
• Less setup overhead than V-HIP
• Both provide useful functionality
• Seem appropriate for inclusion in 1609.2 subject to review, WG consensus

Other possible enhancements
• MAC layer security
• Generic requirement for OBE to authenticate to RSE before being granted internet access
• CRL handling
• Platform assurance
• How to ensure that an application behaves correctly
• How to ensure that a platform only installs an application that behaves correctly
• How and to what level to ensure a platform’s behavior against hw/sw attacks