This presentation discusses the use of Garbled Circuits for improving the security and simplifying the implementation of the Security Credential Management System (SCMS) in the automotive industry.
2. Outline
§ Introduction and Motivation
§ Review of Relevant SCMS Protocols
§ Secure Computation and Yao’s Garbled Circuit
§ Secure Computation for Linkage Value Generation
§ Demo of Linkage Value Generation
§ Secure Computation for Misbehavior Identification
§ Demo of Misbehavior Identification
4. Overview
• Organizational separation → more people and resources → more cost
• Necessity due to low trust
• One (bad) solution is to sacrifice privacy
• We have a better solution!
• Our goals: reduce organizational complexity and hence cost, while at the same time improving overall security/privacy
• Our approach: replace distributed computation with secure computation protocols
• Our focus: Linkage Value (LV) generation and Misbehavior Identification (MID)
5. Problems with Distributed Computation
§ Different authorities are required to have organizational separation
– Extremely difficult and costly
– Not realistic under many scenarios, e.g., when an OEM wants to build and operate its own SCMS
§ Different authorities are assumed to follow the protocols as specified
– Malicious insiders can deviate from the protocol without fear of detection
– Malicious insiders can collude to subvert the protocol
§ Secure computation protocols remove both of these problems
– Trade-off: increased communication and computation complexity
– OnBoard Security research has been working to address both of these
– Long-term, advances in microelectronics and CPU architecture, and economies of scale for cloud computing, are also on our side
7. Linkage Value Generation
• Pseudonym certificate provisioning
– Request for pseudonym certificates
– Pseudonym certificate generation
– Initial download of pseudonym certificates
– Scheduled generation of subsequent batches of pseudonym certificates
– Top-off of pseudonym certificates
• Only Linkage Value (LV) generation, which is embedded inside pseudonym certificate generation, requires distributed computation among multiple authorities
8. Current Process of LV Generation
[Diagram: each Linkage Authority (LA1, LA2) keeps a one-way linkage seed chain LS0 → LS1 → … → LSi, each step computed with the hash H. From LSi it derives the pre-linkage values PLVi,j (again by hashing), encrypts them (E) into EPLVi,j for the PCA and hands them to the RA, which shuffles requests across multiple devices before forwarding them. The PCA decrypts the two EPLVi,j and combines them into the linkage value LVi,j.]
E: Encryption
EPLV: Encrypted PLV
H: Hash
LS: Linkage seed
PLV: Pre-linkage value
LV: Linkage value
One-way computation: the seed chain can be walked forward, never backward
RA shuffle across multiple devices
9. Malicious Security
§ The current SCMS design is vulnerable to malicious insiders
– Malicious LA: A malicious LA can provide pre-linkage values that look "normal" but completely subvert misbehavior detection, e.g.
§ by using multiple seeds (instead of a single seed) per device
§ by using random 9-byte values instead of following the pre-linkage value generation algorithm
– Malicious RA: A malicious RA can subvert misbehavior detection and revocation, e.g.
§ by using pre-linkage values from different chains for a given device
§ by provisioning a revoked device with certificates using a new linkage chain
– Malicious LA/PCA: A malicious LA or PCA can subvert misbehavior investigation, e.g.
§ on the MA's query (plv1, plv2), the LA responding that they don't belong to a device, even if they do
§ on the MA's query lv (= plv1 ⊕ plv2), the PCA responding with (plv3, lv ⊕ plv3), where plv3 is neither plv1 nor plv2; the pair still XORs to lv, so the MA cannot tell the answer is false
§ This is not an exhaustive list of attacks. In fact, creating an exhaustive list seems infeasible.
§ Some attacks can possibly be addressed by small changes in the current protocols, but we need a holistic approach that counters all attacks, even those we have not discovered yet.
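As an added illustration of the "multiple seeds per device" attack above (example code written for this page, not OnBoard Security's, CAMP's or any SCMS implementation's code): a simplified Python model of the two linkage chains, the PCA's XOR combination, and a CRL receiver's chain expansion. The seed and PLV derivations are SHA-256 stand-ins and the 16-byte seed length, the device name, and the period and certificate counts are assumptions; the real SCMS derivation differs in detail. What the deck does fix is the structure: one one-way seed chain per LA, a 9-byte LV equal to PLV1 ⊕ PLV2, and revocation by publishing the period seeds. A malicious LA that derives odd-period PLVs from a second, undisclosed chain produces PLVs that look normal to the PCA, yet the revoked vehicle keeps certificates the CRL expansion never matches.

```python
import hashlib

# Added illustration, not SCMS code. Seed/PLV derivations are SHA-256 stand-ins
# (assumption); SCMS differs in detail but has the same structure:
# one-way seed chain per LA, PLV derived from the period's seed, LV = PLV1 xor PLV2.
SEED_LEN = 16   # bytes of seed kept per chain step (assumption)
LV_LEN = 9      # SCMS linkage values are 9 bytes


def next_seed(ls: bytes) -> bytes:
    """LS_{i+1} = H(LS_i): forward-computable only, so a CRL entry for period i
    reveals the rest of the chain but nothing before period i."""
    return hashlib.sha256(ls).digest()[:SEED_LEN]


def seed_at(ls0: bytes, i: int) -> bytes:
    for _ in range(i):
        ls0 = next_seed(ls0)
    return ls0


def derive_plv(ls_i: bytes, j: int) -> bytes:
    """Pre-linkage value for certificate j of a period, derived from that period's seed."""
    return hashlib.sha256(ls_i + j.to_bytes(4, "big")).digest()[:LV_LEN]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class LinkageAuthority:
    """Honest LA: one seed chain per device; answers an investigation with the
    period seed and derives every PLV from that same chain."""
    def __init__(self, name: str):
        self.name = name
        self.seeds = {}          # device -> LS_0

    def enroll(self, device: str, ls0: bytes):
        self.seeds[device] = ls0

    def disclosed_seed(self, device: str, i: int) -> bytes:
        """What the LA hands over when the MA revokes the device from period i."""
        return seed_at(self.seeds[device], i)

    def plv(self, device: str, i: int, j: int) -> bytes:
        return derive_plv(seed_at(self.seeds[device], i), j)


class MaliciousLA(LinkageAuthority):
    """Slide 9, 'multiple seeds per device': PLVs for odd periods come from a second,
    undisclosed chain, while investigations are answered from the first chain."""
    def __init__(self, name: str):
        super().__init__(name)
        self.hidden = {}

    def enroll(self, device: str, ls0: bytes, hidden_ls0: bytes = b""):
        super().enroll(device, ls0)
        self.hidden[device] = hidden_ls0 or ls0

    def plv(self, device: str, i: int, j: int) -> bytes:
        if i % 2 == 1:
            return derive_plv(seed_at(self.hidden[device], i), j)
        return super().plv(device, i, j)


def linkage_value(la1, la2, device, i, j) -> bytes:
    """PCA step: LV_{i,j} = PLV1_{i,j} xor PLV2_{i,j}; both PLVs look perfectly normal."""
    return xor(la1.plv(device, i, j), la2.plv(device, i, j))


def expand_crl_entry(ls1_i, ls2_i, start_i, end_i, certs_per_period):
    """Receiver side: from the two disclosed seeds, walk both chains forward and
    rebuild every LV the revoked device should be using from period start_i on."""
    revoked = set()
    ls1, ls2 = ls1_i, ls2_i
    for _ in range(start_i, end_i):
        for j in range(certs_per_period):
            revoked.add(xor(derive_plv(ls1, j), derive_plv(ls2, j)))
        ls1, ls2 = next_seed(ls1), next_seed(ls2)
    return revoked


def uncovered_certificates(la1, la2, device, revoke_from, periods, certs_per_period):
    """(i, j) of certificates issued from revoke_from on that the CRL expansion does
    not match, i.e. certificates the 'revoked' device can keep using."""
    crl = expand_crl_entry(la1.disclosed_seed(device, revoke_from),
                           la2.disclosed_seed(device, revoke_from),
                           revoke_from, periods, certs_per_period)
    issued = {(i, j): linkage_value(la1, la2, device, i, j)
              for i in range(revoke_from, periods) for j in range(certs_per_period)}
    return sorted(k for k, lv in issued.items() if lv not in crl)


if __name__ == "__main__":
    # Constructed seeds; revoke from period 2 of 6, 3 certificates per period (assumption).
    la2 = LinkageAuthority("LA2"); la2.enroll("car", bytes(range(16)))
    honest = LinkageAuthority("LA1"); honest.enroll("car", bytes(16))
    rogue = MaliciousLA("LA1"); rogue.enroll("car", bytes(16), hidden_ls0=b"\xff" * 16)
    print("honest LA1, certificates escaping the CRL:", uncovered_certificates(honest, la2, "car", 2, 6, 3))
    print("malicious LA1, certificates escaping the CRL:", uncovered_certificates(rogue, la2, "car", 2, 6, 3))
```

With the honest LA1 the expansion covers every certificate from period 2 on; with the malicious LA1 every odd-period certificate escapes, and nothing the PCA or the MA sees during normal operation distinguishes the two cases, which is why the deck argues for enforcing the derivation inside a secure computation rather than trusting the LA to follow it.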
10. Global Misbehavior Detection FAQ
Q: Do we really need it?
A: Yes, because whether you like it or not, misbehavior will happen.
Q: Why can't each OEM take care of misbehavior on its own?
A: In a cooperative system like V2V, misbehavior impacts everyone, not just a particular OEM.
Q: As an OEM, we handle far more sensitive information, so why can't we also handle linkage value generation?
A: Even if OEM 1 does everything right, OEM 2 can set up its system such that its vehicles never get revoked, as illustrated on the previous slide.
11. Misbehavior Identification
• Global misbehavior detection and revocation
– Misbehavior report validation
– Misbehavior analysis
– Misbehavior investigation
– Revocation
– Misbehavior post-processing
• Only misbehavior investigation and part of revocation require distributed computation among multiple authorities; we call this part Misbehavior Identification (MID)
12. Current Misbehavior Investigation
[Diagram: the MA holds misbehavior reports {sLV1, rLV1}, …, {sLVi, rLVi}, …, {sLVn, rLVn}. The PCA keeps the LV → EPLV mapping and the LA the EPLV → LS mapping.]
1. MA → PCA: LV
2. PCA → MA: EPLV
3. MA → LA: {sEPLV1, rEPLV1}, …, {sEPLV50, rEPLV50}
4. LA → MA: {sEPLV, sCount, UniqueRCount}
The MA's query size and the LA's response are deliberately limited due to privacy concerns.
EPLV: Encrypted PLV
LS: Linkage seed
LV: Linkage value
rEPLV: Reporter EPLV
rLV: Reporter LV
sEPLV: Suspect EPLV
sLV: Suspect LV
13. Current Revocation
[Diagram: the MA maintains the revoked LV list. The PCA keeps the LV → HRPR mapping, the RA the HRPR → (LCI1, LCI2) mapping, LA1 the LCI1 → LS1 mapping and LA2 the LCI2 → LS2 mapping.]
1. MA → PCA: LV
2. PCA → MA: HRPR
3. MA → RA: HRPR
4. RA → MA: LCI1, LCI2
5. MA → LA1: LCI1
6. LA1 → MA: LS1
7. MA → LA2: LCI2
8. LA2 → MA: LS2
HRPR: Hash of RA-PCA request
LCI: Linkage chain identifier
LS: Linkage seed
LV: Linkage value
14. Goals of MID
§ All Misbehavior Detection
– The MA should be able to detect all misbehavior in reports as per the policy.
§ Perfect Privacy Protection
– The MA should only learn the linkage seeds of vehicles to be revoked.
– No one should learn anything else.
[Figure: example misbehavior reports with Suspect Threshold: 5 and Reporter Threshold: 3; Color: Suspect Vehicle, Shape: Reporter Vehicle.]
15. Issues with current MID - Effectiveness
Assume:
a) Suspect Threshold: 5
b) Reporter Threshold: 3
Color: Suspect Vehicle
Shape: Reporter Vehicle
[Figure: Misbehavior Report Database split into Query 1 and Query 2.]
Due to the limited query size, the MA does not detect all misbehavior: the red vehicle's reports are split across Query 1 and Query 2, so it never reaches the suspect threshold within a single query and goes undetected.
A smart attacker can easily create a strategy that defeats the current algorithm of the MA.
16. Issues with current MID - Privacy
§ PCA learns which LVs are being investigated.
§ LA also learns which EPLV and LS are being investigated.
§ MA learns information also about honest vehicles.
§ Our goals for MID
– Make sure all misbehavior can be detected
– Achieve security and privacy via a theoretically sound mechanism
18. Secure Computation to the Rescue
§ In theory, secure computation can solve all the previously identified problems
§ But even the most efficient previously known solutions for secure computation are extremely impractical for use in SCMS
– LV Generation: Even if one can generate one linkage value in a reasonable amount of time, generating 30 years' worth for 300 million vehicles is extremely impractical
– MID: Due to the current one-way design of linkage values, the inputs of the LAs would consist of 300 million linkage seeds, which makes the protocol extremely impractical
19. Real Life Computation Problems
Solution: Trusted third party
But, do we really have to?
20. Secure Computation
§ Parties P1, P2, …, Pn with private inputs x1, x2, …, xn can jointly compute any arbitrary function f(x1, x2, …, xn), such that
– Correctness: The output is guaranteed to be correct.
– Privacy: The inputs are guaranteed to remain private.
– …
§ [Yao ’82] achieved this for n = 2.
§ [Goldreich-Micali-Wigderson ’87] achieved this for n ≥ 2.
§ Active area of cryptographic research.
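To make the garbled-circuit construction of [Yao '82] concrete, here is a minimal two-party implementation in Python (added example code, not the implementation measured in this deck). The garbler assigns two random labels to every wire, encrypts each output label of a gate under the pair of input labels that selects it (the row key is a hash of the two labels and the gate index), and appends a block of zeros so the evaluator can recognise the one row it is able to decrypt; the rows are shuffled so their position reveals nothing. The evaluator holds exactly one label per input wire and therefore learns exactly one label per gate. The 128-bit labels, the SHA-256 row key, and the 2-bit equality circuit are assumptions chosen for illustration; the evaluator's input labels would be obtained by 1-of-2 oblivious transfer in a real run, which is modelled here as a direct lookup and marked as such.

```python
import hashlib
import secrets

# Added example of Yao's garbled circuits; not the deck's implementation.
LABEL = 16             # 128-bit wire labels (assumption)
ZEROS = bytes(LABEL)   # redundancy appended so the evaluator can spot the right row

# Gate types as truth-table functions; any 2-input gate can be added here.
OPS = {"AND": lambda a, b: a & b, "XOR": lambda a, b: a ^ b, "NOR": lambda a, b: 1 - (a | b)}


def xor(x: bytes, y: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(x, y))


def row_key(label_a: bytes, label_b: bytes, gate_id: int) -> bytes:
    """Pad for one table row: H(label_a || label_b || gate id), 32 bytes = LABEL + len(ZEROS)."""
    return hashlib.sha256(label_a + label_b + gate_id.to_bytes(4, "big")).digest()


class Garbler:
    """Holds the secret labels; produces garbled tables, input labels and the output decoding."""
    def __init__(self, circuit):
        self.circuit = circuit                      # list of (op, in_a, in_b, out) wire names
        wires = {w for gate in circuit for w in gate[1:]}
        self.labels = {w: (secrets.token_bytes(LABEL), secrets.token_bytes(LABEL)) for w in wires}

    def garble(self):
        tables = []
        for gid, (op, a, b, out) in enumerate(self.circuit):
            rows = []
            for va in (0, 1):
                for vb in (0, 1):
                    plaintext = self.labels[out][OPS[op](va, vb)] + ZEROS
                    rows.append(xor(row_key(self.labels[a][va], self.labels[b][vb], gid), plaintext))
            secrets.SystemRandom().shuffle(rows)    # row order must not leak the input bits
            tables.append(rows)
        return tables

    def input_label(self, wire: str, bit: int) -> bytes:
        return self.labels[wire][bit]

    def decode_table(self, wire: str) -> dict:
        """Output decoding: hash of each label -> its bit, revealed only for output wires."""
        return {hashlib.sha256(self.labels[wire][bit]).digest(): bit for bit in (0, 1)}


def evaluate(circuit, tables, known: dict) -> dict:
    """Evaluator: one label per input wire in, one label per wire out; sees no plaintext bit."""
    known = dict(known)
    for gid, (op, a, b, out) in enumerate(circuit):
        key = row_key(known[a], known[b], gid)
        for row in tables[gid]:
            candidate = xor(key, row)
            if candidate[LABEL:] == ZEROS:          # only the matching row decrypts to the pad
                known[out] = candidate[:LABEL]
                break
        else:
            raise ValueError(f"gate {gid}: no row decrypted, input label is wrong")
    return known


# Circuit: eq = (a0 == b0) and (a1 == b1) for two 2-bit values (assumption, for illustration).
EQ2 = [("XOR", "a0", "b0", "x0"), ("XOR", "a1", "b1", "x1"), ("NOR", "x0", "x1", "eq")]


def secure_equal(a: int, b: int) -> int:
    """Garbler holds a, evaluator holds b; the evaluator learns only whether a == b."""
    g = Garbler(EQ2)
    tables = g.garble()
    inputs = {"a0": g.input_label("a0", a & 1), "a1": g.input_label("a1", (a >> 1) & 1)}
    # Evaluator's labels: in a real run fetched by 1-of-2 oblivious transfer so the garbler
    # never learns b; modelled here as a direct lookup (simplifying assumption).
    inputs["b0"] = g.input_label("b0", b & 1)
    inputs["b1"] = g.input_label("b1", (b >> 1) & 1)
    out = evaluate(EQ2, tables, inputs)
    return g.decode_table("eq")[hashlib.sha256(out["eq"]).digest()]


if __name__ == "__main__":
    for a in range(4):
        print([secure_equal(a, b) for b in range(4)])
```

Each gate costs four ciphertexts of 32 bytes, so a circuit's garbled size is proportional to its gate count; that is the quantity the tables on the later slides report, and why the work there concentrates on shrinking the Boolean circuit rather than on the garbling scheme itself.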
24. Secure Computation for LV Generation
§ A straightforward 4-party secure computation for LV generation
– Inputs
§ LA1: entire database of linkage seeds
§ LA2: entire database of linkage seeds
§ RA: (EE, i, j)
§ PCA: nothing
– Outputs
§ LA1, LA2, RA: nothing
§ PCA: linkage value for (EE, i, j)
§ It is inefficient because protocol complexity grows with the number of parties, and the linkage seed database is extremely large
§ Our protocol V1
– The functionality of the LAs is merged into the PCA, so it is a 2-party protocol between PCA and RA
– The linkage seed is computed on the fly inside the secure computation using a hash function, so the parties' inputs become very small and manageable
25. V1: Hash-based Initial Linkage Seed Generation
[Diagram: inside the secure computation, the RA's input EE and the PCA's key KPCA are fed to SHA-256 to derive the device's two initial linkage seeds ls1(EE,0) and ls2(EE,0); the later seeds and lv(EE, i, j) are derived from them within the same computation.]
Private inputs: PCA: KPCA; RA: EE, i, j
Private outputs: PCA: lv(EE, i, j); RA: lv pointer
27. V3: Stateful Generation
§ V2 is a huge improvement over V1, e.g., for weekly batches
– 1st week: 3 vs. 41 SHA-256,
– 2nd week: 5 vs. (41+81) SHA-256,
– 3rd week: 7 vs. (41+81+121) SHA-256, and so on
§ However, V2 is a trade-off
– Maximum benefit only if batch size = life of vehicle, i.e., 30 years
– Generating all 30 years’ worth at once has drawbacks
§ Huge waste, as average lifespan is only 13 – 17 years (https://berla.co/average-us-vehicle-lifespan/)
§ Large storage and communication requirements
§ Stateful Generation in V3
– Last week’s linkage seed is stored at PCA in garbled form
– Has performance similar to V2 with batch size = life of vehicle
– Doesn’t have any of the drawbacks of V2
28. Compatibility and Further Improvements
§ V1 – V3 are fully compatible with the current LV design, i.e., vehicles won't notice any difference
§ V4: Privacy is guaranteed by secure computation, so only one (instead of two) linkage chain per vehicle is sufficient
– No obvious security weaknesses compared to current design
– Currently deployed devices need software update for new CRL expansion
– Cuts CRL size in half (or, doubles the number of devices that can be revoked)
– Cuts CRL expansion time in half, a big plus for resource-constrained devices
– Cuts LV generation time and resources in (almost) half
– Makes misbehavior identification more efficient
29. Results of GC Implementations for LV generation

Version                                One LV (MB)   One vehicle for 30 years (GB)   300 million vehicles for 1 week (TB)   Improvement factor (V1/Vx)
V1 (Hash-based initial linkage seed)   6,019         183,390                         34,440,744                             N/A
V2 (Batched generation)                301           9,184                           1,726,169                              20
V3 (Stateful generation)               1.13          35                              6,481                                  5,314
V4 (One linkage chain per vehicle)     0.69          21                              3,953                                  8,713

§ The table shows average garbled circuit sizes for 20 LVs per week
§ Garbling of V4 on an AWS t2.micro takes about 0.02 seconds per LV
– Hardware: Intel Xeon CPU at 2.4 GHz and 1 GB RAM
– Cost: $0.0035 per hour (https://aws.amazon.com/ec2/spot/pricing/)
§ LV generation for 300 million vehicles without the LA pair would cost $15,000/year
§ CAMP's cost model puts a price tag on the LA pair of $150,000/year
32. Secure Computation for MID
§ A straightforward 5-party secure computation for MID
– Inputs
§ MA: misbehavior reports containing suspect and reporter linkage values
§ PCA: entire database of the (linkage value, hash of RA-PCA request) mapping
§ RA: entire database of the (hash of RA-PCA request, LCI1, LCI2) mapping
§ LA1, LA2: entire databases of the (LCI1, LS1) and (LCI2, LS2) mappings, respectively
– Outputs
§ MA: linkage seeds of devices satisfying the revocation criteria
§ PCA, RA, LA1, LA2: nothing
§ It is inefficient because protocol complexity grows with the number of parties, and the databases of PCA, RA, LA1 and LA2 are extremely large
§ Our protocol V1
– The LAs are replaced by our novel design of Misbehavior Helper (MH) info, so it is a 3-party protocol
– No database lookups: the MH is decrypted jointly by PCA and RA to retrieve the linkage seeds
33. V1: Misbehavior Helper Info
Misbehavior Helper Info (MH) = Enc(KRA + KPCA, LV || LS)
[Diagram: for each certificate, the seed chain LS0 → LS1 → … → LSi yields LVi,j; the MH binds that LV to its seed LS under a key formed from the RA's key KRA and the PCA's key KPCA, so that neither party can decrypt it alone.]
Private inputs: MA: {(Suspect MH, Reporter MH)}; PCA: KPCA; RA: KRA
Private outputs: MA: linkage seeds for the CRL; PCA: nothing; RA: nothing
34. V2: Boolean Circuit Improvements
§ V1's Boolean circuit grows quadratically with the input size
§ Novel approach for "Filtering over Threshold"
– Sorting using a bitonic sorting network: O(n · log² n)
– Counting over the sorted input: O(n)
– Filtering based on the threshold: O(n)
§ O(n²) → O(n · log² n): the improvement factor grows dramatically
– Boolean circuits are 9 times smaller for input size = 1,000
– Extrapolations for larger input sizes:

Input size           1,000   10,000   100,000   1,000,000
Improvement factor   9       51       324       2,250
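The sort-count-filter pipeline above is what makes MID circuit-friendly: every step is data-oblivious (the sequence of comparators and multiplexers is fixed by n, never by the data), so it compiles to a Boolean circuit of predictable size. The following Python (added example, not the deck's circuit) shows the structure in the clear: a bitonic sorting network over (suspect, reporter) pairs, a single counting pass that tracks reports and unique reporters per suspect, and a final pass that selects the suspect identifier into an output slot only where both thresholds are met. Identifiers are small integers standing in for linkage values, the padding sentinel (0, 0) and the sample reports are constructed, and the thresholds are the deck's Suspect Threshold 5 and Reporter Threshold 3; in the real protocol the LVs would be decrypted from MH records inside the computation and the output slots would be masked, neither of which is modelled here.

```python
# Added example of "filtering over threshold" in data-oblivious form; not the deck's circuit.
PAD = (0, 0)   # padding entry; suspect id 0 is reserved for padding (assumption)


def bitonic_sort(values):
    """Bitonic sorting network: the comparator schedule depends only on len(values).
    Returns (sorted list, number of comparators used), the latter is O(n log^2 n)."""
    n = len(values)
    if n == 0 or n & (n - 1):
        raise ValueError("bitonic sort needs a power-of-two input size")
    a = list(values)
    comparators = 0
    k = 2
    while k <= n:
        j = k // 2
        while j >= 1:
            for i in range(n):
                partner = i ^ j
                if partner > i:
                    ascending = (i & k) == 0
                    comparators += 1
                    if (a[i] > a[partner]) == ascending:   # compare-exchange
                        a[i], a[partner] = a[partner], a[i]
            j //= 2
        k *= 2
    return a, comparators


def threshold_filter(reports, suspect_threshold=5, reporter_threshold=3):
    """Sort, count, filter. Every slot is processed identically; the selection at the
    end is a multiplexer (value or 0), so nothing about the data leaks via control flow."""
    n = 1
    while n < len(reports):
        n *= 2
    padded = list(reports) + [PAD] * (n - len(reports))   # PAD sorts to the front
    s, comparators = bitonic_sort(padded)
    out = [0] * n
    reports_so_far = unique_so_far = 0
    for i in range(n):
        new_suspect = i == 0 or s[i][0] != s[i - 1][0]
        new_reporter = new_suspect or s[i][1] != s[i - 1][1]
        reports_so_far = 1 if new_suspect else reports_so_far + 1
        unique_so_far = 1 if new_suspect else unique_so_far + int(new_reporter)
        last_of_run = i == n - 1 or s[i][0] != s[i + 1][0]
        revoke = int(last_of_run and s[i][0] != PAD[0]
                     and reports_so_far >= suspect_threshold
                     and unique_so_far >= reporter_threshold)
        out[i] = s[i][0] * revoke      # mux: suspect id where revoked, 0 elsewhere
    return out, comparators


def revoked_suspects(reports, suspect_threshold=5, reporter_threshold=3):
    out, _ = threshold_filter(reports, suspect_threshold, reporter_threshold)
    return sorted(v for v in out if v)


# Constructed sample reports as (suspect id, reporter id); ids stand in for linkage values.
SAMPLE_REPORTS = (
    [(7, 1), (7, 2), (7, 3), (7, 1), (7, 2)]     # 5 reports from 3 reporters -> revoke
    + [(8, 1)] * 6                               # 6 reports, but a single reporter -> keep
    + [(9, r) for r in (1, 2, 3, 4)]             # only 4 reports -> keep
    + [(10, r) for r in (1, 2, 3, 4, 5)]         # 5 reports from 5 reporters -> revoke
)

if __name__ == "__main__":
    print("revoked:", revoked_suspects(SAMPLE_REPORTS))
    print("comparators for 1024 inputs:", bitonic_sort(list(range(1024)))[1])
```

For 1,024 inputs the network uses 28,160 comparators, and for 2n inputs roughly 2.2 times as many, which is the O(n log² n) growth the slide contrasts with the O(n²) pairwise comparison of V1.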
35. Results of GC Implementations for MID

Version                             Gates in Boolean circuit   Garbled circuit size (GB)   Garbling time (seconds)   Improvement factor (V1/Vx)
V1 (Misbehavior Helper Info)        1.1 billion                12                          27                        N/A
V2 (Boolean circuit improvements)   121 million                1.3                         3                         9

§ The table shows MID for 1,024 inputs (suspect, reporter LVs) and 1 linkage chain per vehicle
§ Garbling times are on an AWS c5d.xlarge
§ Hardware: Intel Xeon CPU at 2.4 GHz and 8 GB RAM
§ Cost: $0.0388 per hour (https://aws.amazon.com/ec2/spot/pricing/)
§ The current code utilizes only 1 core; significant improvements are expected from our (upcoming) research on parallelization
37. Conclusions
§ Linkage Value (LV) Generation
– Better security and privacy at a fraction of the original cost
– Simpler overall system
– Opportunities for significant improvements in CRL efficiency and other parts of
SCMS by switching to one linkage chain per vehicle
§ Misbehavior Identification (MID)
– Best possible security and privacy
– Highly effective, i.e., MA can catch all misbehavior in reports as per the policy
§ Ongoing research at OnBoard Security and academia will further
improve efficiencies for both LV Generation and MID