Secure Smartphone-based Registration and Key Deployment for Vehicle-to-Cloud Communications
Workshop on Security, Privacy and Dependability for Cyber Vehicles (CyCAR)
Julian Timpner, Dominik Schürmann, Lars Wolf, 4 November 2013
Institute of Operating Systems and Computer Networks
Outline: Motivation, Authentication and Authorization, Vehicle Registration, Key Deployment, Conclusion
Motivation
V-Charge
- Autonomous valet parking with e-mobility
- Electric vehicles, equipped with affordable sensor systems
- No Internet access on vehicles (parking garage)

Challenges
- Minimum of infrastructure (DTN)
- Efficiently using charging resources
- Multiple communication channels (V2C, Web, mobile)
[Figure: parking garage with drop-off/check-in zone, ParkingManager and charging station]
4. November 2013 Julian Timpner, Dominik Schürmann, Lars Wolf Page 2Secure Smartphone-based Registration and Key Deployment for Vehicle-to-Cloud Communications Institute of Operating Systems
and Computer Networks
This Talk

Security challenges
- Vehicle registration process independent of OEMs
- Key generation and deployment while minimizing trust in central authorities

Secure smartphone-based registration and key deployment
- Framework can be used by vehicle owners at any time
- Key generation done solely by the vehicle owner on a mobile device
- Vehicle registration on the mobile device based on a well-researched PKI
- No proprietary protocols involved
Registration and key deployment (sequence diagram)
Participants: d: Mobile Device, v: Vehicle, p: ParkingManager, ca: DTN CA, auth: Authorization Server

d -> auth: requestToken(email, password)
auth -> d: 〈refresh_token, access_token〉
d: generate 〈pk_v, sk_v〉, CSR_v
d -> p: requestCertificates(access_token, CSR_v)
p -> auth: verify(access_token)
auth -> p: validity status
p <-> ca (over the secure DTN): process CSR_v and generate signed cert_v
p -> d: 〈cert_v, cert_ca〉
d -> v: deploy(sk_v, cert_v, cert_ca)
v -> d: acknowledge deployment
d: delete securely 〈sk_v, cert_v, cert_ca〉
Smartphone-to-Cloud: Authentication/Authorization

Requirements
- Don't store account passwords on the device (protection against theft)
- Easy revocation of devices (recovery after theft)
- Don't force users to log in repeatedly before usage (usability)
- Based on open standards

OAuth 2.0
- Provides authorization for Web services and mobile devices
- RFC 6749, 6750, 6819
- Heavy standard, some say "over-engineered"
OAuth 2.0 Subset

Authentication/Authorization
- No third-party applications planned for V-Charge
- No redirection flow based on grant_type "authorization_code"
- Reducing protocol complexity
- RESTful JSON interface, OAuth based on Apache Oltu

Concept         Description
Token Endpoint  HTTP service to request tokens
grant_type      our subset implements "password" and "refresh_token"
refresh_token   long-living authorization token
access_token    limited access token
OAuth 2.0 Subset
Participants: c: Customer, endpoint: OAuthTokenEndpoint, api: RESTful API

alt, switch based on grant_type:
  [password]
    c -> endpoint: requestToken(email, password)
    endpoint -> c: 〈refresh_token, access_token〉
  [refresh_token]
    c -> endpoint: requestToken(refresh_token)
    endpoint -> c: access_token
c -> api: request(access_token)
api: verification using OAuthResourceFilterFactory
api -> c: JSON encoded response
Device Revocation
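The token endpoint and the device revocation described on the preceding slides, as an added example in Go that is not the V-Charge implementation (which is Java on Apache Oltu): a minimal in-memory authorization server that implements only the "password" and "refresh_token" grants, verifies access tokens the way the resource filter in front of the API would, and revokes a stolen phone by invalidating its refresh token together with every access token derived from it. AuthServer, RevokeDevice, the "device" field, the token format and the example account are assumptions made for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"time"
)

// Added example (not V-Charge's Oltu-based Java code): an in-memory authorization server for the talk's
// OAuth 2.0 subset, grant_type "password" and "refresh_token" only. Names and the "device" field are assumptions.
type TokenResponse struct { // serialized as access_token / refresh_token in the real JSON response
	AccessToken, RefreshToken string
}

type refreshRecord struct {
	email, device string // the phone this long-lived token was handed to
	revoked       bool
}

type accessRecord struct {
	refresh string // key of the refresh token that issued it
	expires time.Time
}

type AuthServer struct {
	users   map[string]string         // email -> password hash; production code would use a slow, salted KDF
	refresh map[string]*refreshRecord // hash(refresh_token) -> record; raw tokens are never stored
	access  map[string]*accessRecord  // hash(access_token) -> record
	ttl     time.Duration             // access_token lifetime
}

func NewAuthServer(ttl time.Duration) *AuthServer {
	return &AuthServer{users: map[string]string{}, refresh: map[string]*refreshRecord{},
		access: map[string]*accessRecord{}, ttl: ttl}
}

func hash(s string) string {
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

func randomToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

func (s *AuthServer) Register(email, password string) { s.users[email] = hash("pw\x00" + email + "\x00" + password) }

func (s *AuthServer) issueAccess(refreshKey string) string {
	at := randomToken()
	s.access[hash(at)] = &accessRecord{refresh: refreshKey, expires: time.Now().Add(s.ttl)}
	return at
}

// RequestToken is the token endpoint: it switches on grant_type and rejects everything outside the subset.
func (s *AuthServer) RequestToken(grantType string, p map[string]string) (TokenResponse, error) {
	switch grantType {
	case "password":
		email, want := p["username"], s.users[p["username"]]
		if want == "" || subtle.ConstantTimeCompare([]byte(hash("pw\x00"+email+"\x00"+p["password"])), []byte(want)) != 1 {
			return TokenResponse{}, errors.New("invalid_grant")
		}
		rt := randomToken() // the phone keeps these two tokens and forgets the password
		s.refresh[hash(rt)] = &refreshRecord{email: email, device: p["device"]}
		return TokenResponse{AccessToken: s.issueAccess(hash(rt)), RefreshToken: rt}, nil
	case "refresh_token":
		key := hash(p["refresh_token"])
		if rec, ok := s.refresh[key]; !ok || rec.revoked {
			return TokenResponse{}, errors.New("invalid_grant")
		}
		return TokenResponse{AccessToken: s.issueAccess(key)}, nil
	default: // e.g. "authorization_code": there is no redirection flow in this subset
		return TokenResponse{}, errors.New("unsupported_grant_type")
	}
}

// Verify is the check the resource filter in front of the RESTful API performs on every request.
func (s *AuthServer) Verify(accessToken string) bool {
	rec, ok := s.access[hash(accessToken)]
	return ok && time.Now().Before(rec.expires) && !s.refresh[rec.refresh].revoked
}

// RevokeDevice is the recovery step after theft: the refresh token handed to that phone dies, and with it every access token derived from it.
func (s *AuthServer) RevokeDevice(email, device string) int {
	n := 0
	for _, rec := range s.refresh {
		if rec.email == email && rec.device == device && !rec.revoked {
			rec.revoked, n = true, n+1
		}
	}
	return n
}
```

The phone never holds the account password, only 〈refresh_token, access_token〉, and revoking the phone's refresh token rather than the account is what lets the owner recover after theft without changing credentials. A production server would additionally persist the token store and hash passwords with a slow salted KDF; the plain SHA-256 above only keeps the example self-contained.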
Vehicle Registration

Registration
- Easy registration process executable by customers
- Vehicle Identification Number (VIN)
- Registration of vehicles without the need for an in-vehicle display or an in-vehicle Internet connection

Key generation
- Nobody but the owner possesses the private key
- Generation on the mobile device, protected by OS security
- Enough entropy compared to embedded hardware
Key Deployment

Requirements
- In-vehicle Hardware Security Module (HSM)
- NFC-enabled mobile device

Deployment process (only conceptual)
- Transmission of 〈sk_v, cert_v, cert_ca〉 over NFC-SEC to the HSM
- Delete 〈sk_v, cert_v, cert_ca〉 from the device
Hardware Security Modules
- Hardware implementation details are beyond the scope of our paper
- API: a mode to reset its memory and a deployment mode to store new 〈sk_v, cert_v〉 pairs
- Vehicles are equipped with an HSM by service stations or car manufacturers
- A PIN is required to access the API
- NFC with a security layer, or NFC-SEC
DTN Security

Implementation
- IBR-DTN daemon
- Cloud-to-Vehicle security based on RFC 6257
- TLS on the TCP convergence layer

V-Charge key management design
- PKI with certificates
- Revocation by "floating" CRLs

ParkingManager certificate (sequence diagram)
Participants: p: ParkingManager, ca: DTN CA
p: generate 〈pk_p, sk_p〉, CSR_p
p -> ca: requestCertificate(CSR_p)
ca -> p: deploy(cert_p, cert_ca)
Remote Attacks

Intercept access_token
- Attack on TLS with a pinned certificate

Eavesdropping/replay attacks on NFC
- NFC-SEC standard
- Transmission only happens once, as opposed to vehicular access control systems
Attacking the Application

Extract refresh_token
- Malicious application attacking Android's AccountManager (root exploit needed)
- Revocation on device theft

Steal sk_v before deployment
- Privilege escalation to gain access to the Unix user of the V-Charge app
- sk_v is stored on the smartphone only for a short duration
Attacks Involving the Vehicle

Deploy an attacker's 〈sk_t, cert_t〉 to a victim's vehicle
- The HSM should only accept cert_t if it is issued for the corresponding VIN_v of the vehicle

Extract 〈sk_v, cert_v〉 from a victim's vehicle
- Requires hacking the HSM
- Revocation of cert_v, re-generate sk_v, request a new cert_v
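The registration, deployment and VIN-binding steps from the Vehicle Registration, Key Deployment, Hardware Security Modules and Attacks Involving the Vehicle slides, as an added Go example that is not V-Charge code: the phone generates 〈pk_v, sk_v〉 and CSR_v with the VIN as subject, the DTN CA signs only a CSR whose subject is the VIN the authenticated owner registered, and the HSM's deployment mode accepts 〈sk_v, cert_v, cert_ca〉 only behind a PIN, only if cert_v chains to cert_ca, only for its own VIN and only if sk_v matches cert_v. CA, HSM, their method names and the VIN strings are assumptions; the real HSM API, the NFC-SEC transport and the secure deletion on the phone are not modelled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Added example, not V-Charge code. CA stands in for the DTN CA (a self-signed root here); CA, HSM and
// the VIN strings are assumptions. Symbols follow the slides: 〈pk_v, sk_v〉, CSR_v, cert_v, cert_ca.
type CA struct {
	key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

func NewCA() (*CA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "DTN CA (example)"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &CA{key: key, Cert: cert}, err
}

// Mobile device: 〈pk_v, sk_v〉 is generated here and nowhere else; the VIN is the subject of CSR_v.
func GenerateVehicleKeyAndCSR(vin string) (*ecdsa.PrivateKey, []byte, error) {
	sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	csr, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: vin}}, sk)
	return sk, csr, err
}

// DTN CA: sign CSR_v only if its self-signature verifies (proof that the requester holds sk_v) and its
// subject is the VIN the authenticated owner registered, so nobody obtains a cert_v for someone else's car.
func (ca *CA) IssueVehicleCert(csrDER []byte, registeredVIN string, serial int64) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, err
	}
	if csr.Subject.CommonName != registeredVIN {
		return nil, errors.New("CSR subject does not match the registered VIN")
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: csr.Subject,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	return x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, csr.PublicKey, ca.key)
}

// HSM models the in-vehicle module's PIN-gated deployment mode: it stores 〈sk_v, cert_v〉 only if cert_v
// chains to cert_ca, names this vehicle's VIN and matches sk_v.
type HSM struct {
	VIN, PIN string
	sk       *ecdsa.PrivateKey
	cert     *x509.Certificate
}

func (h *HSM) Deploy(pin string, sk *ecdsa.PrivateKey, certDER []byte, caCert *x509.Certificate) error {
	if subtle.ConstantTimeCompare([]byte(pin), []byte(h.PIN)) != 1 {
		return errors.New("wrong PIN")
	}
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return err // not issued under cert_ca
	}
	// The VIN check is what rejects an attacker's 〈sk_t, cert_t〉 that was validly issued for another vehicle.
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if cert.Subject.CommonName != h.VIN || !ok || !pub.Equal(&sk.PublicKey) {
		return errors.New("cert_v is not for this VIN or does not match sk_v")
	}
	h.sk, h.cert = sk, cert
	return nil
}
```

Binding cert_v to the VIN at both ends is what closes the first attack on this slide: an attacker who registers their own car legitimately obtains a valid 〈sk_t, cert_t〉, and only the VIN check inside the HSM stops it from being deployed to a victim's vehicle, since the chain check alone would accept it. The CA-side check matters as well, because the access_token only proves who is asking, not which vehicle the CSR names.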
Conclusion
- Novel approach for securely deploying cryptographic keys to vehicles
- Supporting multiple services without trusting central authorities
- Private key never leaves the vehicle owner
- Authentication/Authorization based on standards
- Overcoming OAuth design problems: keeping it simple
- Usable security
- No vehicular Internet access required

Questions? email: [email protected]
Vehicle Pre-Registration
Public Key Pinning
- Introducing certificate/public key pinning
- Include V-Charge's SSL CA certificate in-app
- Trust by application updates
- No reliance on CAs
V-Charge Project

Goals
- A system combining autonomous valet parking with e-mobility
- Increasing customer acceptance of electric vehicles by compensating for longer charging cycles

Challenges
- Efficiently using scarce charging resources
- Multiple communication channels (V2I, Web, mobile)
- Autonomous driving and parking (not in this talk)
V-Charge Partners
Motivation

Scenario: EV driver at the airport
- Roam for a free spot
- Use shuttle services
- Transport luggage
- What about charging?

Disadvantages
- Cumbersome
- Only few charging stations
- Makes it even harder to find parking
V-Charge: Autonomous Parking and Charging
[Figure: drop-off and pick-up zone, charging stations, reparking]
V-Charge: Advanced Scenarios
[Figure: no charging station (CS) available; blocked path and alternative path]
TU Contributions
- V2X communications
- Server infrastructure
- Customer interaction
- System security
- Parking resource management