CR Jul 21, 2021
PoF: Proof-of-Following for Vehicle Platoons
Ziqi Xu, Jingcheng Li, Yanjun Pan et al.
Cooperative vehicle platooning significantly improves highway safety, fuel efficiency, and traffic flow. In this model, a set of vehicles move in line formation and coordinate acceleration, braking, and steering using a combination of physical sensing and vehicle-to-vehicle (V2V) messaging. The authenticity and integrity of the V2V messages are paramount to safety. For this reason, recent V2V and V2X standards support the integration of a PKI. However, a PKI cannot bind a vehicle's digital identity to the vehicle's physical state (location, velocity, etc.). As a result, a vehicle with valid cryptographic credentials can impact platoons from a remote location. In this paper, we seek to provide the missing link between the physical and the digital world in the context of vehicle platooning. We propose a new access control protocol we call Proof-of-Following (PoF) that verifies the following distance between a candidate and a verifier. The main idea is to draw security from the common, but constantly changing environment experienced by the closely traveling vehicles. We use the large-scale fading effect of ambient RF signals as a common source of randomness to construct a PoF primitive. The correlation of large-scale fading is an ideal candidate for the mobile outdoor environment because it exponentially decays with distance and time. We evaluate our PoF protocol on an experimental platoon of two vehicles in freeway, highway, and urban driving conditions. We demonstrate that the PoF withstands both the pre-recording and following attacks with overwhelming probability.
CR Jun 4, 2021
Man-in-the-Middle Attack Resistant Secret Key Generation via Channel Randomization
Yanjun Pan, Ziqi Xu, Ming Li et al.
Physical-layer based key generation schemes exploit the channel reciprocity for secret key extraction, which can achieve information-theoretic secrecy against eavesdroppers. Such methods, although practical, have been shown to be vulnerable against man-in-the-middle (MitM) attacks, where an active adversary, Mallory, can influence and infer part of the secret key generated between Alice and Bob by injecting her own packet upon observing highly correlated channel/RSS measurements from Alice and Bob. As all the channels remain stable within the channel coherence time, Mallory's injected packets cause Alice and Bob to measure similar RSS, which allows Mallory to successfully predict the derived key bits. To defend against such a MitM attack, we propose to utilize a reconfigurable antenna at one of the legitimate transceivers to proactively randomize the channel state across different channel probing rounds. The randomization of the antenna mode at every probing round breaks the temporal correlation of the channels from the adversary to the legitimate devices, while preserving the reciprocity of the channel between the latter. This prevents key injection from the adversary without affecting Alice and Bob's ability to measure common randomness. We theoretically analyze the security of the protocol and conduct extensive simulations and real-world experiments to evaluate its performance. Our results show that our approach eliminates the advantage of an active MitM attack by driving down the probability of successfully guessing bits of the secret key to a random guess.
IT Jun 4, 2020
Asymmetric Leaky Private Information Retrieval
Islam Samy, Mohamed A. Attia, Ravi Tandon et al.
Information-theoretic formulations of the private information retrieval (PIR) problem have been investigated under a variety of scenarios. Symmetric private information retrieval (SPIR) is a variant where a user is able to privately retrieve one out of $K$ messages from $N$ non-colluding replicated databases without learning anything about the remaining $K-1$ messages. However, the goal of perfect privacy can be too taxing for certain applications. In this paper, we investigate if the information-theoretic capacity of SPIR (equivalently, the inverse of the minimum download cost) can be increased by relaxing both user and DB privacy definitions. Such relaxation is relevant in applications where privacy can be traded for communication efficiency. We introduce and investigate the Asymmetric Leaky PIR (AL-PIR) model with different privacy leakage budgets in each direction. For user privacy leakage, we bound the probability ratios between all possible realizations of DB queries by a function of a non-negative constant $ε$. For DB privacy, we bound the mutual information between the undesired messages, the queries, and the answers, by a function of a non-negative constant $δ$. We propose a general AL-PIR scheme that achieves an upper bound on the optimal download cost for arbitrary $ε$ and $δ$. We show that the optimal download cost of AL-PIR is upper-bounded as $D^{*}(ε,δ)\leq 1+\frac{1}{N-1}-\frac{δe^{ε}}{N^{K-1}-1}$. Second, we obtain an information-theoretic lower bound on the download cost as $D^{*}(ε,δ)\geq 1+\frac{1}{Ne^{ε}-1}-\frac{δ}{(Ne^{ε})^{K-1}-1}$. The gap analysis between the two bounds shows that our AL-PIR scheme is optimal when $ε=0$, i.e., under perfect user privacy and it is optimal within a maximum multiplicative gap of $\frac{N-e^{-ε}}{N-1}$ for any $(ε,δ)$.
IT Jan 16, 2020
Latent-variable Private Information Retrieval
Islam Samy, Mohamed A. Attia, Ravi Tandon et al.
In many applications, content accessed by users (movies, videos, news articles, etc.) can leak sensitive latent attributes, such as religious and political views, sexual orientation, ethnicity, gender, and others. To prevent such information leakage, the goal of classical PIR is to hide the identity of the content/message being accessed, which subsequently also hides the latent attributes. This solution, while private, can be too costly, particularly, when perfect (information-theoretic) privacy constraints are imposed. For instance, for a single database holding $K$ messages, privately retrieving one message is possible if and only if the user downloads the entire database of $K$ messages. Retrieving content privately, however, may not be necessary to perfectly hide the latent attributes. Motivated by the above, we formulate and study the problem of latent-variable private information retrieval (LV-PIR), which aims at allowing the user to efficiently retrieve one out of $K$ messages (indexed by $θ$) without revealing any information about the latent variable (modeled by $S$). We focus on the practically relevant setting of a single database and show that one can significantly reduce the download cost of LV-PIR (compared to the classical PIR) based on the correlation between $θ$ and $S$. We present a general scheme for LV-PIR as a function of the statistical relationship between $θ$ and $S$, and also provide new results on the capacity/download cost of LV-PIR. Several open problems and new directions are also discussed.