KnE Engineering
ISSN: 2518-6841
The latest conference proceedings on all fields of engineering.
Assessment of Threats to the Security of the Cryptographic Authentication Mechanisms of the Monitor Devices of Vehicles
Published date: Oct 08 2018
Journal Title: KnE Engineering
Issue title: Breakthrough directions of scientific research at MEPhI: Development prospects within the Strategic Academic Units
Pages: 391–401
Authors:
Abstract:
In accordance with the legislation on transport security, a number of vehicles must be equipped with on-Board control devices containing a cryptographic means of authentication, registration and storage of control data, including key information of the electronic signature. This paper presents a solution to the problem of justification of the adequacy of measures to counter known attacks and methods of discrediting the suggested cryptographic mechanisms and the corresponding protocol, drawn up in the form of a draft national standard and presented in the previous work of the authors devoted to study of its security properties. The solution presented is limited to the consideration of attacks divided into two large classes: passive and active attacks, including temporary attacks based on the study of the response time of one or more participants of the protocol. The analysis of the security threat model of the Protocol generating a common key with the authentication of subscribers intended for use in tachographs installed on vehicles shows that the protocol provides sufficient measures to counter known attacks. The found possible attacks are of a formal nature, not allowing the offender to obtain any additional information in order to discredit the protocol.
References:
[1] European Agreement concerning the Work of Crews of Vehicles engaged in International Road Transport (AETR). economic commission. Inland transport Committee. Note by the Secretariat. Appendix 1B to Annex AETR, which contains requirements for the design, testing, installation and inspection of a digital control device used in road transport. – ECE/TRANS/SC.1/2006/2/Add.1. – 2008.
[2] Order of the Ministry of transport of Russia of February 13, 2013 № 36. El. resource http://www.mintrans.nso.ru/sites/mintrans.nso.ru/wodby_files/ files/wiki/2014/12/prikaz_36_13.pdf.
[3] Rosstandart. Information technology. Cryptographic protection of information. Recommendations for standardization. Principles of development and modernization of encryption (cryptographic) means of information security. – 2016. – 36 pp.
[4] Rosstandart. Information technology. Cryptographic protection of information. Recommendations for standardization. Cryptographic authentication mechanisms for use in control devices that ensure the operation of vehicles (draft second edition). – 2017. – 21 pp.
[5] Gorbatov, Victor S.; Zhukov, Igor Y.; Murashov, Oleg N.. Authentication and common key generation cryptographic protocol for vehicle tachographs. IT Security (Russia), [S.l.], v. 24, n. 4, p. 27-34, nov. 2017. ISSN 2074-7136. Available at:
[6] van Oorschot P.C., Wiener M.J., Parallel Collision Search with Cryptanalytic Applications// Journal of Cryptology — Vol. 12 — 1999. — 1-28 pp.
[7] Blanchet B., An Efficient Cryptographic Protocol Verifier Based on Prolog Rules, Proceedings of the 14th IEEE Computer Security Foundations Workshop (CSFW), Cape Breton, IEEE Computer Society, 2009, pp. 82–96.
[8] Armando A. et al., The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications. Proceedings of Computer Aided Verification’05 (CAV), Vol. 3576 of Lecture Notes in Computer Science, Springer, 2005, pp. 281-285.
[9] Available at: http://www.avispa-project.org/.
[10] Cheremushkin A.V. Kriptograficheskie protokoly: osnovnye svoystva i uyazvimosti [Cryptographic Protocols: Basic Properties and Vulnerability]. Moscow, Akademiya, 2009.
[11] Cremers C. J. F. Scyther - Semantics and Verification of Security Protocols// Ph. D. dissertation. Eindhoven University of Technology, 2006.
[12] Lowe G. A hierarchy of authentication specifications. In Proc. 10th IEEE Computer Security Foundations Workshop (CSFW), pages 31-44. IEEE, 1997.
[13] Blanchet B., An Efficient Cryptographic Protocol Verifier Based on Prolog Rules, Proceedings of the 14th IEEE Computer Security Foundations Workshop (CSFW), Cape Breton, IEEE Computer Society, 2009, pp. 82–96.