HERMES: Scalable, Secure, and Privacy-Enhancing Vehicular Sharing-Access System

Iraklis Symeonidis, Dragos Rotaru, Mustafa A. Mustafa, Bart Mennink, Bart Preneel, Panos Papadimitratos
<span title="">2021</span> <i title="Institute of Electrical and Electronics Engineers (IEEE)"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/rkvmqtb3orhy5h6d5ccjzgxej4" style="color: black;">IEEE Internet of Things Journal</a> </i> &nbsp;
We propose HERMES, a scalable, secure, and privacy-enhancing system for users to share and access vehicles. HERMES securely outsources operations of vehicle access token generation to a set of untrusted servers. It builds on an earlier proposal, namely SePCAR [1], and extends the system design for improved efficiency and scalability. To cater to system and user needs for secure and private computations, HERMES utilizes and combines several cryptographic primitives with secure multiparty
more &raquo; ... ion efficiently. It conceals secret keys of vehicles and transaction details from the servers, including vehicle booking details, access token information, and user and vehicle identities. It also provides user accountability in case of disputes. Besides, we provide semantic security analysis and prove that HERMES meets its security and privacy requirements. Last but not least, we demonstrate that HERMES is efficient and, in contrast to SePCAR, scales to a large number of users and vehicles, making it practical for real-world deployments. We build our evaluations with two different multiparty computation protocols: HtMAC-MiMC and CBC-MAC-AES. Our results demonstrate that HERMES is in the range of milliseconds for generating an access token, whether it operates for a single-vehicle owner or a large rental-company branch with over 1000 vehicles; handling 546 and 84 access token generations per second, respectively. As a result, HERMES is an order of magnitude faster compared to SePCAR. Specifically, it delivers 696 (with HtMAC-MiMC) and 42 (with CBC-MAC-AES) more access tokens compared to in SePCAR for a single-vehicle owner access token generation. Furthermore, we show that HERMES is practical on the vehicle side, too, as access token operations performed on a prototype vehicle on-board unit take only ≈ 62 ms.
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1109/jiot.2021.3094930">doi:10.1109/jiot.2021.3094930</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/snxktz26qfc6zj5qydwukmergm">fatcat:snxktz26qfc6zj5qydwukmergm</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20210719194342/https://ieeexplore.ieee.org/ielx7/6488907/6702522/09477257.pdf?tp=&amp;arnumber=9477257&amp;isnumber=6702522&amp;ref=" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/e4/44/e444eff5b2ad360a9c6a150add048c5378e0588f.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1109/jiot.2021.3094930"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> ieee.com </button> </a>