VDTLS v1'1 Status Update

1
VDTLS v1.1 Status Update

• Sheng-Po Kuo, Telcordia, Taiwan
• kuopo_at_research.telcordia.com
  
• Chih-Hsun (Anthony) Chou, III, Taiwan
• 
  chchou_at_iii.org.tw

2
VDTLS Secure UDP Communications

• Secured end-to-end session
• Mutual authentication
• Message encryption w/choice of ciphers
• Message integrity verification w/choice of
  hashing algorithms
• Separate security parameters for different
  sessions
• UDP Transport, but w/reliable session
  establishment protocol
• Benefits of asymmetric cryptography w/o
  management burden of certificates
• Bandwidth efficient

3
VDTLS v1.1

• Motivation
• VDTLS v1.0 is an application-layer security
  protocol that was originally designed and
  implemented for VII PoC. It was used to secure
  the Probe Data Collection application in the POC.
• Short message size
• Short communication period
• Unidirectional communication.
• Goals
• Concurrent sessions
• Bi-directional transmission.
• More generic APIs

4
Design Principles

• Multiple bidirectional VDTLS sessions
• A listener for port negotiation is implemented
• Multiple VDTLS threads listen on different ports
• A descriptor number to handle the transmission of
  a single session
• Reliable transmission (option)
• Sender can wait ACK to make sure a transmission
  is successful
• Implement a buffer to store received data for
  each connection
• Thread-safe considerations
• OpenSSL
• Miracl

5
Multiple VDTLS Sessions
6
APIs

• int vdtls_socket (int type)
• int vdtls_bind (int vdtls_sockfd, const struct
  sockaddr my_addr, socklen_t addrlen)
• int vdtls_listen (int vdtls_socket, int cipher,
  int timeout, int is_ack, int debug)
• int vdtls_accept (int vdtls_sockfd)
• int vdtls_connect (int vdtls_sockfd, const struct
  sockaddr serv_addr, socklen_t addrlen, char
  svr_pub_id, int cipher)
• int vdtls_send (int vdtls_sockfd, void msg, int
  size)
• int vdtls_recv (int vdtls_sockfd, void buffer,
  int size)
• int vdtls_close (int vdtls_sockfd)

7
Conclusion and Future Work

• Current status
• Two-way unicast for single-hop V2R
• Medium to long handshake latency
• Functionality enhancement will be done at the end
  of this year.
• Future directions
• Performance enhancement
• Wrap VDTLS v1.1 APIs to support legacy
  applications

8
(No Transcript)
9
Environment
Backend Public Safety Applications
Backend Commercial Applications
Secure UDP Communications between Vehicle and
Back-end Server Applications
Network
Secure UDP Communications between Vehicle and
RSE-based Applications
Local RSE Applications
RSE
Broadcast and point-to-point delivery of V2I
Messages between RSE and vehicles
Secure UDP Communications between Vehicles
RSE Radio Coverage
V2V Communications
Local OBU Applications
Local OBU Applications
OBU
OBU
9
10
VDTLS Architectural Overview
Secure UDP Session using VDTLS
AppClient
AppSvr
OBE
RSE
Secured WSA

• A client-server protocol based on IETF DTLS and
  TLS (RFC-4347/4346)
• Introduces Identity-Based Encryption
  (Boneh-Franklin) as authenticated key exchange
  method
• IBE is a unique public-key cryptographic system
  where any arbitrary string can be used as a
  public key
• VDTLS uses information already broadcasted in
  Secure WSAs as applications public key (i.e.,
  IPPort)
• Re-designed session handshake protocol

10
11
VDTLS Session Negotiation
OBE
RSE
Secured WSA Contains AppSvrs Public ID, signed
by RSE
AppClient
AppSvr
ClientHelloClientKeyExchange
ServerHelloServerKeyExchangeChangeCipherSpecF
inished
ChangeCipherSpecFinishedFinished /
Application Data
Application Data
Session renegotiation and session resumption also
supported
11