1 / 11

VDTLS v1.1 Status Update

VDTLS v1.1 Status Update. Sheng-Po Kuo, Telcordia, Taiwan kuopo@research.telcordia.com Chih-Hsun (Anthony) Chou, III, Taiwan chchou@iii.org.tw. VDTLS: Secure UDP Communications. Secured end-to-end session Mutual authentication Message encryption w/choice of ciphers

stacey
Download Presentation

VDTLS v1.1 Status Update

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. VDTLS v1.1 Status Update Sheng-Po Kuo, Telcordia, Taiwan kuopo@research.telcordia.com Chih-Hsun (Anthony) Chou, III, Taiwan chchou@iii.org.tw

  2. VDTLS: Secure UDP Communications • Secured end-to-end session • Mutual authentication • Message encryption w/choice of ciphers • Message integrity verification w/choice of hashing algorithms • Separate security parameters for different sessions • UDP Transport, but w/reliable session establishment protocol • Benefits of asymmetric cryptography w/o management burden of certificates • Bandwidth efficient

  3. VDTLS v1.1 • Motivation • VDTLS v1.0 is an application-layer security protocol that was originally designed and implemented for VII PoC. It was used to secure the Probe Data Collection application in the POC. • Short message size • Short communication period • Unidirectional communication. • Goals • Concurrent sessions • Bi-directional transmission. • More generic APIs

  4. Design Principles • Multiple bidirectional VDTLS sessions • A listener for port negotiation is implemented • Multiple VDTLS threads listen on different ports • A descriptor number to handle the transmission of a single session • Reliable transmission (option) • Sender can wait ACK to make sure a transmission is successful • Implement a buffer to store received data for each connection • Thread-safe considerations • OpenSSL • Miracl

  5. Multiple VDTLS Sessions

  6. APIs • int vdtls_socket (int type); • int vdtls_bind (int vdtls_sockfd, const struct sockaddr *my_addr, socklen_t addrlen); • int vdtls_listen (int vdtls_socket, int cipher, int timeout, int is_ack, int debug); • int vdtls_accept (int vdtls_sockfd); • int vdtls_connect (int vdtls_sockfd, const struct sockaddr *serv_addr, socklen_t addrlen, char* svr_pub_id, int cipher); • int vdtls_send (int vdtls_sockfd, void* msg, int size); • int vdtls_recv (int vdtls_sockfd, void* buffer, int size); • int vdtls_close (int vdtls_sockfd);

  7. Conclusion and Future Work • Current status • Two-way unicast for single-hop V2R • Medium to long handshake latency • Functionality enhancement will be done at the end of this year. • Future directions • Performance enhancement • Wrap VDTLS v1.1 APIs to support legacy applications

  8. Environment Backend Commercial Applications Backend Public Safety Applications Secure UDP Communications between Vehicle and Back-end Server Applications Network Secure UDP Communications between Vehicle and RSE-based Applications Local RSE Applications RSE Broadcast and point-to-point delivery of V2I Messages between RSE and vehicles Secure UDP Communications between Vehicles RSE Radio Coverage V2V Communications Local OBU Applications Local OBU Applications OBU OBU 9

  9. VDTLS Architectural Overview A client-server protocol based on IETF DTLS and TLS (RFC-4347/4346) Introduces Identity-Based Encryption (Boneh-Franklin) as authenticated key exchange method IBE is a unique public-key cryptographic system where any arbitrary string can be used as a public key VDTLS uses information already broadcasted in Secure WSAs as application’s public key (i.e., “IP:Port”) Re-designed session handshake protocol Secure UDP Session using VDTLS AppClient AppSvr OBE Secured WSA RSE 10

  10. VDTLS Session Negotiation OBE Secured WSA Contains AppSvr’s Public ID, signed by RSE RSE AppClient AppSvr ClientHelloClientKeyExchange ServerHelloServerKeyExchange[ChangeCipherSpec]Finished [ChangeCipherSpec]FinishedFinished / Application Data** Application Data Session renegotiation and session resumption also supported 11

More Related