nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

CarINA - Car Sharing with IdeNtity Based Access Control Re-enforced by TPM

verfasst von : Bogdan Groza, Lucian Popa, Pal-Stefan Murvay

Erschienen in: Computer Safety, Reliability, and Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Car sharing and car access control from mobile devices is an increasingly relevant topic. While numerous proposals started to appear, practical deployments ask for simple solutions, that are easy to implement and yet secure. In this work we explore the use of TPM 2.0 functionalities along with identity-based signatures in order to derive a flexible solution for gaining access to a vehicle. While TPM 2.0 specifications do not have support for identity-based primitives we can easily bootstrap identity-based private keys for Shamir’s signature scheme from regular RSA functionalities of TPM 2.0. In this way, key distribution becomes more secure as it is re-enforced by hardware and the rest of the functionalities can be carried from software implementations on mobile phones and in-vehicle controllers. We test the feasibility of the approach on modern Android devices and in-vehicle controllers as well as with a recent TPM circuit from Infineon.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Demo: CANDY CREAM

Nächstes Kapitel Combining Safety and Security in Autonomous Cars Using Blockchain Technologies

https://trustedcomputinggroup.org.

Armando, A., et al.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005). https://doi.org/10.1007/11513988_27CrossRef

Brandl, H.: Trusted Computing: The TCG Trusted Platform Module Specification. In: Embedded Systems. New Munich Trade Fair Centre (2004). http://opensgug.net/utilisec/embedded/Shared%20Documents/Device%20Security/VariousInputs/ShrinathInputs/Basic_Knowledge_EC2004.pdf. Accessed 3 May 2019

Busold, C., et al.: Smart keys for cyber-cars: secure smartphone-based NFC-enabled car immobilizer. In: Proceedings of the Third ACM Conference on Data and Application Security and Privacy, pp. 233–242. ACM (2013)

Developer Community: TCG TPM2 Software Stack. https://github.com/tpm2-software/tpm2-tss. Accessed 15 April 2019

Developer Community: The source repository for the TPM (Trusted Platform Module) 2 tools. https://github.com/tpm2-software/tpm2-tools. Accessed 15 April 2019

Developer Community: TPM2 Access Broker and Resource Management Daemon. https://github.com/tpm2-software/tpm2-abrmd. Accessed 15 April 2019

Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theor. 29(2), 198–208 (1983)MathSciNetCrossRef

Francillon, A., Danev, B., Capkun, S.: Relay attacks on passive keyless entry and start systems in modern cars. In: NDSS (2011)

Glas, B., Sander, O., Stuckert, V., Muller-Glaser, K.D., Becker, J.: Car-to-car communication security on reconfigurable hardware. In: VTC Spring 2009-IEEE 69th Vehicular Technology Conference, pp. 1–5. IEEE (2009)

10.

Goldman, K.: IBM’s Software TPM 2.0. https://sourceforge.net/projects/ibmswtpm2/. Accessed 15 April 2019

11.

Guette, G., Bryce, C.: Using TPMs to secure vehicular ad-hoc networks (VANETs). In: Onieva, J.A., Sauveron, D., Chaumette, S., Gollmann, D., Markantonakis, K. (eds.) WISTP 2008. LNCS, vol. 5019, pp. 106–116. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-79966-5_8CrossRef

12.

Guillou, L.C., Quisquater, J.-J.: A “Paradoxical” indentity-based signature scheme resulting from zero-knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 216–231. Springer, New York (1990). https://doi.org/10.1007/0-387-34799-2_16CrossRef

13.

Guillou, L.C., Ugon, M., Quisquater, J.J.: Cryptographic authentication protocols for smart cards. Comput. Netw. 36(4), 437–451 (2001)CrossRef

14.

Infineon: Optiga TPM SLB 9670XQ2.0. https://www.infineon.com/cms/en/product/security-smart-card-solutions/optiga-embedded-security-solutions/optiga-tpm/slb-9670xq2.0/. Accessed 22 April 2019

15.

Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985). https://doi.org/10.1007/3-540-39568-7_5CrossRef

16.

Steger, M., et al.: An efficient and secure automotive wireless software update framework. IEEE Trans. Ind. Inf. 14(5), 2181–2193 (2018)CrossRef

17.

Symeonidis, I., Aly, A., Mustafa, M.A., Mennink, B., Dhooghe, S., Preneel, B.: SePCAR: a secure and privacy-enhancing protocol for car access provision. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 475–493. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66399-9_26CrossRef

18.

Tillich, S., Wójcik, M.: Security analysis of an open car immobilizer protocol stack. In: Mitchell, C.J., Tomlinson, A. (eds.) INTRUST 2012. LNCS, vol. 7711, pp. 83–94. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-35371-0_8CrossRef

19.

Turuani, M.: The CL-atse protocol analyser. In: Pfenning, F. (ed.) RTA 2006. LNCS, vol. 4098, pp. 277–286. Springer, Heidelberg (2006). https://doi.org/10.1007/11805618_21CrossRef

20.

Verdult, R., Garcia, F.D., Balasch, J.: Gone in 360 seconds: Hijacking with hitag2. In: Proceedings of the 21st USENIX Conference on Security Symposium, p. 37. USENIX Association (2012)

21.

Wei, Z., Yanjiang, Y., Wu, Y., Weng, J., Deng, R.H.: HIBS-KSharing: hierarchical identity-based signature key sharing for automotive. IEEE Access 5, 16314–16323 (2017)CrossRef

22.

Wetzels, J.: Broken keys to the kingdom: security and privacy aspects of RFID-based car keys. arXiv preprint arXiv:1405.7424 (2014)

23.

Wolf, M., Gendrullis, T.: Design, implementation, and evaluation of a vehicular hardware security module. In: Kim, H. (ed.) ICISC 2011. LNCS, vol. 7259, pp. 302–318. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31912-9_20CrossRef

24.

Wolf, M., Weimerskirch, A., Paar, C.: Automotive digital rights management systems. In: Lemke, K., Paar, C., Wolf, M. (eds.) Embedded Security in Cars, pp. 221–232. Springer, Heidelberg (2006). https://doi.org/10.1007/3-540-28428-1_13CrossRef

Titel: CarINA - Car Sharing with IdeNtity Based Access Control Re-enforced by TPM
verfasst von: Bogdan Groza
Lucian Popa
Pal-Stefan Murvay
Verlag: Springer International Publishing
Buch: Computer Safety, Reliability, and Security
Print ISBN: 978-3-030-26249-5

Electronic ISBN: 978-3-030-26250-1

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-26250-1_17

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner