Formal analysis and applications of direct anonymous attestation.

Abstract

Intelligent Transportation Systems (ITS) is a combination of information and communication technologies used in transportation systems to improve efficiency and safety for transport users. It also encompasses the growing field of connected and autonomous vehicles that is expected to have significant benefits for the economy and overall safety of travel. Two of the main challenges within ITS are managing the scalability of large networks, and securing communication between ITS entities, especially given that entities may be malicious and need to be revoked. To address security and privacy concerns within ITS, public key infrastructure (PKI) has been deployed in vehicular communication architectures. Such architectures detail how entities (vehicles, road-side units, etc.) communicate with each other and how their credentials need to be revoked when they become malicious so that they cannot continue to communicate with other entities. This thesis covers both analysis of protocols within existing architectures and also proposes new architectures. Our work contributes to the analysis of existing architectures for revocation. We present a symbolic analysis of existing REWIRE protocols using the Tamarin Prover, and show that not all their desired security goals are met. We propose a new variant of REWIRE called O-Token which addresses the required properties based on vehicular public key infrastructure. Vehicular communication architectures are becoming more heterogeneous and therefore there is active research in identifying how vehicles can themselves become a root of trust for supporting secure communications in ITS. We present a new vehicular communication architecture, based on trusted computing, which removes the need for additional PKI infrastructure within an ITS. It enables secure operations to be performed within vehicles without relying on constant message exchange with infrastructure. The novelty of our architecture is the use of Direct Anonymous Attestation to manage the security and privacy of entities, to improve the scalability and revocation in large networks. Furthermore, the architecture is resilient to colluding trusted third party infrastructure. Our final contribution is an analysis of one variant of Direct Anonymous Attestation, ECC-DAA, based on the ISO/IEC 20008-2:2013 standard. We evaluate whether it provides the security and privacy guarantees needed in order for it to be a central technique within our scalable vehicular communication architecture. Our symbolic analysis of an ECC-DAA specification using the Tamarin Prover identifies an attack which exploits a single compromised trusted platform module to undermine other uncompromised ones. We propose a solution and demonstrate the revised specification ensures the protocol's robustness.