混合传统PKI和组签名的V2X方案的正式验证

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2025-02-14 DOI:10.1016/j.jisa.2025.103998

Simone Bussa, Riccardo Sisto, Fulvio Valenza

{"title":"混合传统PKI和组签名的V2X方案的正式验证","authors":"Simone Bussa, Riccardo Sisto, Fulvio Valenza","doi":"10.1016/j.jisa.2025.103998","DOIUrl":null,"url":null,"abstract":"<div><div>Vehicle-to-Everything (V2X) communications are expected to reshape road mobility in the increasingly near future. This type of communication allows a vehicle to transmit information, such as its position and speed, which can be used for different applications. However, despite the benefits, the increased connectivity and data sent over the network may expose the vehicle to a significant number of cyber attacks. This paper takes one of the schemes proposed in the literature to protect the security and privacy of the vehicles, and analyses it from a security and privacy perspective using Proverif. Specifically, this scheme is unique in combining asymmetric encryption with digital certificates and group signatures used by vehicles to self-certify those certificates. We present a formal model able to capture all the main aspects of the protocol and the context in which it works, and show how security and privacy properties can be expressed for formal verification in Proverif. Our analysis conducted on the model of the protocol revealed some weaknesses for which we tried to provide a solution.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103998"},"PeriodicalIF":3.8000,"publicationDate":"2025-02-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Formal verification of a V2X scheme mixing traditional PKI and group signatures\",\"authors\":\"Simone Bussa, Riccardo Sisto, Fulvio Valenza\",\"doi\":\"10.1016/j.jisa.2025.103998\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Vehicle-to-Everything (V2X) communications are expected to reshape road mobility in the increasingly near future. This type of communication allows a vehicle to transmit information, such as its position and speed, which can be used for different applications. However, despite the benefits, the increased connectivity and data sent over the network may expose the vehicle to a significant number of cyber attacks. This paper takes one of the schemes proposed in the literature to protect the security and privacy of the vehicles, and analyses it from a security and privacy perspective using Proverif. Specifically, this scheme is unique in combining asymmetric encryption with digital certificates and group signatures used by vehicles to self-certify those certificates. We present a formal model able to capture all the main aspects of the protocol and the context in which it works, and show how security and privacy properties can be expressed for formal verification in Proverif. Our analysis conducted on the model of the protocol revealed some weaknesses for which we tried to provide a solution.</div></div>\",\"PeriodicalId\":48638,\"journal\":{\"name\":\"Journal of Information Security and Applications\",\"volume\":\"89 \",\"pages\":\"Article 103998\"},\"PeriodicalIF\":3.8000,\"publicationDate\":\"2025-02-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Security and Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2214212625000365\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625000365","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

车辆到一切（V2X）通信预计将在不久的将来重塑道路交通。这种类型的通信允许车辆传输信息，比如它的位置和速度，这些信息可以用于不同的应用。然而，尽管有这些好处，增加的连接性和通过网络发送的数据可能会使车辆暴露在大量的网络攻击中。本文选取文献中提出的一种保护车辆安全与隐私的方案，使用Proverif从安全与隐私的角度对其进行分析。具体来说，该方案的独特之处在于，它将非对称加密与数字证书和组签名结合在一起，这些数字证书和组签名用于车辆对这些证书进行自我认证。我们提出了一个正式的模型，能够捕获协议的所有主要方面及其工作环境，并展示了如何在Proverif中表达安全和隐私属性以进行正式验证。我们对协议模型进行的分析揭示了我们试图提供解决方案的一些弱点。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Formal verification of a V2X scheme mixing traditional PKI and group signatures

Vehicle-to-Everything (V2X) communications are expected to reshape road mobility in the increasingly near future. This type of communication allows a vehicle to transmit information, such as its position and speed, which can be used for different applications. However, despite the benefits, the increased connectivity and data sent over the network may expose the vehicle to a significant number of cyber attacks. This paper takes one of the schemes proposed in the literature to protect the security and privacy of the vehicles, and analyses it from a security and privacy perspective using Proverif. Specifically, this scheme is unique in combining asymmetric encryption with digital certificates and group signatures used by vehicles to self-certify those certificates. We present a formal model able to capture all the main aspects of the protocol and the context in which it works, and show how security and privacy properties can be expressed for formal verification in Proverif. Our analysis conducted on the model of the protocol revealed some weaknesses for which we tried to provide a solution.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.