Vulnerability Assessment of Secured Message and Identity Management Services in ETSI ITS C2C Communications

Examensarbete för masterexamen

Please use this identifier to cite or link to this item: https://hdl.handle.net/20.500.12380/193941
Download file(s):
File Description SizeFormat 
193941.pdfFulltext1.85 MBAdobe PDFView/Open
Type: Examensarbete för masterexamen
Master Thesis
Title: Vulnerability Assessment of Secured Message and Identity Management Services in ETSI ITS C2C Communications
Authors: Nowdehi, Nasser
Abstract: The Cooperative Intelligent Transport Systems (C-ITS) is a set of applications that aim at improving road safety and traffic efficiency as well as providing environmental benefits by enabling vehicles and roadside infrastructures to communicate with each other. This type of communication is mainly based on exchanging messages containing information such as speed, location and direction sent over an ad hoc local area network. However, the privacy of the users could be impaired by an adversary intercepting the information (e.g. location and identity of the driver) used in the messages exchanged between the vehicles and other ITS stations in an ad hoc vehicular network. Further, it is necessary to fulfill security requirements such as authentication and authorization to avoid unauthorized vehicles to get access to particular applications, services or privileges that should be only accessible by authorized vehicles (e.g. claim priority rights for emergency vehicles). As an effort to validate and authorize the ITS stations in a Vehicular Ad hoc Networks (VANET), the European Telecommunication Standards Institute (ETSI) has introduced a security architecture that brings the pseudonymity, confidentiality, authenticity and integrity into the VANET communications by using Certificate Authorities (CAs) and identity management procedures. This master thesis aims at conducting a vulnerability assessment on the ETSI ITS Secured Message and Identity Management Services in ETSI ITS C2C Communications by integrating sign/verification services into an existing implementation of the ETSI ITS communication system. We also propose countermeasures to eliminate the identified vulnerabilities. The vulnerability assessments performed in this thesis identify one major flaw in the design of the ETSI ITS security protocol concerning the location of the signature in a Secured Message. Furthermore, the assessments also identify 6 software vulnerabilities in the implementation of the ETSI ITS Secured Message which can be exploited for different types of attacks such as Denial of Service and buffer overflow.
Keywords: Data- och informationsvetenskap;Computer and Information Science
Issue Date: 2014
Publisher: Chalmers tekniska högskola / Institutionen för data- och informationsteknik (Chalmers)
Chalmers University of Technology / Department of Computer Science and Engineering (Chalmers)
URI: https://hdl.handle.net/20.500.12380/193941
Collection:Examensarbeten för masterexamen // Master Theses



Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.