any misbehavior in the CAV communication should be prohibited and investigated. Therefore, the data management of the CAV network should include dynamic revocation and accountability of (malicious or compromised) vehicles.

To address these challenges, many prior efforts (e.g., [3], [12], [28]) advocate the use of certificate-based authentication to meet the demands of CAV infrastructure security, such as authentication as well as scalability and efficiency, inspired by the practice of Internet-based networks [19], [21]. Unfortunately, such certificate-based authentication requires frequent asymmetric key encryption and decryption and communication with centralized public-key infrastructures, thereby hindering its practicality, particularly considering that multiple on-road vehicles can form an ad-hoc network at an arbitrary moment and there is a need to instantly authenticate a vehicle and trust its communication.

In this paper, we propose a new Vehicle-to-Vehicle (V2V) protocol by leveraging the Trusted Execution Environment (TEE) of in-vehicle processors. In particular, we notice that many of the security and efficiency demands can be met without involving certificates and frequent asymmetric key encryption and decryption if we leverage the TEE and use a TEE-protected temporal (e.g., daily) symmetric key-based communication protocol. Specifically, in such a protocol, many security demands such as confidentiality, authenticity and replay protection can be achieved naturally by using securely provisioned Daily Symmetric (DK) keys protected by the TEE. The changing symmetric keys are further stored in the TEE-protected sealed storage to prevent a malicious OS or other privileged software from stealing or modifying the sensitive information.
Such TEE-based authentication removes the pairwise key exchange overhead incurred by certificate-based authentication, allowing instant broadcast of encrypted data.

To strike a balance between privacy and utility, we also choose to associate a temporary random vehicle identifier (TID) with all vehicle activities to protect the driver's (or user's) privacy. In particular, the TID is derived from a Vehicle-specific Root Key (VRK) stored in sealed storage as well as on the servers of trusted authorities such as the Bureau of Motor Vehicles (BMV). All CAV network activities, containing the TID, are logged by roadside units (e.g., edge servers and smart traffic lights). Only when there is an accident or security breach will the VRK be revealed to forensics investigators. Based on the VRK, the forensics investigators can further locate the vehicle owners and hold them accountable if they commit any crimes. Strict access control will be enforced for the database server to ensure that only those who have permission are allowed to review the VRK information. Additionally,
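
The scheme described above can be sketched as follows; this is an added illustration, not the paper's own protocol code. It shows a TID derived from the VRK, broadcast frames authenticated under the shared DK with a counter for replay protection, and the forensic lookup that maps a logged TID back to a registered VRK. The HMAC-based derivation, the per-day TID rotation, the frame layout, the field lengths and all function names are assumptions; payload encryption and TEE sealing are left out, so the DK here is an ordinary in-memory value.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size
TID_LEN = 8   # constructed length, not taken from the paper


def derive_tid(vrk: bytes, day: str) -> bytes:
    """Pseudonym for one day; unlinkable to the vehicle without the VRK (assumed KDF)."""
    return hmac.new(vrk, b"TID|" + day.encode(), hashlib.sha256).digest()[:TID_LEN]


def seal(dk: bytes, tid: bytes, counter: int, payload: bytes) -> bytes:
    """Frame = TID || counter || payload || HMAC(DK, everything before the tag)."""
    body = tid + struct.pack(">Q", counter) + payload
    return body + hmac.new(dk, body, hashlib.sha256).digest()


class Receiver:
    """Stands in for the code that would run inside the TEE holding the DK."""

    def __init__(self, dk: bytes):
        self._dk = dk
        self._last = {}  # highest counter accepted per TID

    def accept(self, frame: bytes):
        """Return the payload, or None if the frame is forged or replayed."""
        if len(frame) < TID_LEN + 8 + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._dk, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # not produced with today's DK
        tid = body[:TID_LEN]
        (counter,) = struct.unpack(">Q", body[TID_LEN:TID_LEN + 8])
        if counter <= self._last.get(tid, -1):
            return None  # replayed or stale frame
        self._last[tid] = counter
        return body[TID_LEN + 8:]


def identify(vrk_registry: dict, tid: bytes, day: str):
    """Forensic lookup: which registered VRK yields the TID seen in a roadside log?"""
    for owner, vrk in vrk_registry.items():
        if hmac.compare_digest(derive_tid(vrk, day), tid):
            return owner
    return None
```

Because every vehicle holding the day's DK can verify a frame without a handshake, authentication is per-group rather than per-sender; attribution to a specific vehicle rests on the TID and the authority's VRK registry.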