A Cloud-native Vehicular Public Key Infrastructure : Towards a Highly-available and Dynamically- scalable VPKIaaS / En cloud-native public key infrastruktur för fordon : För ett VPKI med hög tillgänglihhet och dynamisk skalbarhet

Noroozi, Hamid

January 2021

Efforts towards standardization of Vehicular Communication Systems (VCSs) have been conclusive on the use of Vehicular Public-Key Infrastructure (VPKI) for the establishment of trust among network participants. Employing VPKI in Vehicular Communication (VC) guarantees the integrity and authenticity of Cooperative Awareness Messages (CAMs) and Decentralized Environmental Notification Messages (DENMs). It also offers a level of privacy for vehicles as VPKI provides them with a set of non-linkable short-lived certificates, called pseudonyms, which are used to sign outgoing messages by vehicles while they communicate with other vehicles referred to as Vehicle-to-Vehicle (V2V) or Roadside Units (RSUs) referred to as Vehicle-to-Infrastructure (V2I). Each vehicle uses a pseudonym for its lifetime and by switching to a not- previously- used pseudonym, it continues to communicate without risking its privacy. There have been two approaches suggested by the literature on how to provide vehicles with pseudonyms. One is the so-called pre-loading mode, suggesting to pre-load vehicles with all pseudonyms they need, which increases the cost of revocation in case they are compromised. The other one is the on-demand mode, suggesting a real-time offering of pseudonyms by VPKI at vehicles request e.g., on starting each trip. Choosing the on-demand approach imposes a considerable burden of availability and resilience on VPKI services. In this work, we are confronting the problems regarding a large-scale deployment of an on-demand VPKI that is resilient, highly available, and dynamically scalable. In order to achieve that, by leveraging state-of-the-art tools and design paradigms, we have enhanced a VPKI system to ensure that it is capable of meeting enterprise-grade Service Level Agreement (SLA) in terms of availability, and it can also be cost-efficient as services can dynamically scale-out in the presence of high load, or possibly scale-in when facing less demand. That has been made possible by re-architecting and refactoring an existing VPKI into a cloud-native solution deployed as microservices. Towards having a reliable architecture based on distributed microservices, one of the key challenges to deal with is Sybil-based misbehavior. By exploiting Sybil-based attacks in VPKI, malicious vehicles can gain influential advantage in the system, e.g., one can affect the traffic to serve its own will. Therefore, preventing the occurrence of Sybil attacks is paramount. On the other hand, traditional approaches to stop them, often come with a performance penalty as they verify requests against a relational database which is a bottleneck of the operations. We propose a solution to address Sybil-based attacks, utilizing Redis, an in-memory data store, without compromising the system efficiency and performance considerably. Running our VPKI services on Google Cloud Platform (GCP) shows that a large-scale deployment of VPKI as a Service (VPKIaaS) can be done efficiently. Conducting various stress tests against the services indicates that the VPKIaaS is capable of serving real world traffic. We have tested VPKIaaS under synthetically generated normal traffic flow and flash crowd scenarios. It has been shown that VPKIaaS managed to issue 100 pseudonyms per request, submitted by 1000 vehicles where vehicles kept asking for a new set of pseudonyms every 1 to 5 seconds. Each vehicle has been served in less than 77 milliseconds. We also demonstrate that, under a flash crowd situation, with 50000 vehicles, VPKIaaS dynamically scales out, and takes ≈192 milliseconds to serve 100 pseudonyms per request submitted by vehicles. / Ansträngningar för standardisering av Vehicular Communication Systems har varit avgörande för användandet av Vehicular Public-Key Infrastructure (VPKI) för att etablera förtroende mellan nätverksdeltagare. Användande av VPKI i Vehicular Communication (VC) garanterar integritet och autenticitet av meddelanden. Det erbjuder ett lager av säkerhet för fordon då VPKI ger dem en mängd av icke länkbara certifikat, kallade pseudonym, som används medan de kommunicerar med andra fordon, kallat Vehicle-to-Vehicle (V2V) eller Roadside Units (RSUs) kallat Vehicle-to-Infrastructure (V2I). Varje fordon använder ett pseudonym under en begränsad tid och genom att byta till ett icke tidigare använt pseudonym kan det fortsätta kommunicera utan att riskera sin integritet. I litteratur har två metoder föreslagits för hur man ska ladda fordon med pseudonym de behöver. Den ena metoden det så kallade offline-läget, som proponerar att man för-laddar fordonen med alla pseudonym som det behöver vilket ökar kostnaden för revokering i fall de blir komprometterat. Den andra metoden föreslår ett on-demand tillvägagångssätt som erbjuder pseudonym via VPKI på fordonets begäran vid början av varje färd. Valet av på begäran metoden sätter en stor börda på tillgänglighet och motståndskraft av VPKI tjänster. I det här arbetet, möter vi problem med storskaliga driftsättningar av en på begäran VPKI som är motståndskraftig, har hög tillgänglighet och dynamiskt skalbarhet i syfte att uppnå dessa attribut genom att nyttja toppmoderna verktyg och designparadigmer. Vi har förbättrat ett VPKI system för att säkerställa att det är kapabelt att möta SLA:er av företagsklass gällande tillgänglighet och att det även kan vara kostnadseffektivt eftersom tjänster dynamiskt kan skala ut vid högre last eller skala ner vid lägre last. Detta har möjliggjorts genom att arkitekta om en existerande VPKI till en cloud-native lösning driftsatt som mikrotjänster. En av nyckelutmaningarna till att ha en pålitlig arkitektur baserad på distribuerade mikrotjänster är sybil-baserad missuppförande. Genom att utnyttja Sybil baserade attacker på VPKI, kan illvilliga fordon påverka trafik att tjäna dess egna syften. Därför är det av största vikt att förhindra Sybil attacker. Å andra sidan så dras traditionella metoder att stoppa dem med prestandakostnader. Vi föreslår en lösning för att adressera Sybilbaserade attacker genom att nyttja Redis, en in-memory data-store utan att märkbart kompromissa på systemets effektivitet och prestanda. Att köra våra VPKI tjänster på Google Cloud Platform (GCP) och genomföra diverse stresstester mot dessa har visat att storskaliga driftsättningar av VPKI as a Service (VPKIaaS) kan göras effektivt samtidigt som riktigt trafik hanteras. Vi har testat VPKIaaS under syntetisk genererat normalt trafikflöde samt flow och flash mängd scenarier. Det har visat sig att VPKIaaS klarar att utfärda 100 pseudonym per förfråga utsänt av 1000 fordon (där fordonen bad om en ny uppsättning pseudonym varje 1 till 5 sekunder), och varje fordon fått svar inom 77 millisekunder. Vi demonstrerar även att under en flashcrowd situation, där antalet fordon höjs till 50000 med en kläckningsgrad på 100. VPKIaaS dynamiskt skalar ut och tar ≈192 millisekunder att betjäna 100 pseudonymer per förfrågan gjord av fordon.

Security

Privacy

Vehicular PKI

VPKI

Identity and Credential Management

Vehicular Communications

VANETs

Availability

Scalability

Resilient

Efficiency

Microservice

Container Orchestration

Cloud

Pseudonym Transition

Pseudonym Unlinkability.

Säkerhet

personlig integritet

identitet- och behörighetsuppgifter

tillgänglighet

skalbarhet

motståndskraftig

effektivitet

moln

pseudonymitet

anonymitet

ospårbarhet.

Computer Sciences

Datavetenskap (datalogi)

Economic advantages of Blockchain technology VS Relational database : An study focusing on economic advantages with Blockchain technology and relational databases

Hedman Surlien, Peter

January 2018

Many IT-systems are when created not designed to be flexible and dynamic resulting in old and complex systems hard to maintain. Systems usually build their functionality and capability on the data contained in their databases. The database underlines such system, and when data do not correspond between different and synchronizing systems, it is a troublesome debugging process. This is because systems are complex and the software architecture is not always easy to understand. Due to increasing complexity in systems over time, making systems harder to debug and understand, there is a need for a system that decreases debugging costs. Furthermore, result in better transaction costs. This study proposes a system based on blockchain technology to accomplish this.   An ERP system based on blockchain with encrypted transactions was constructed to determine if the proposed system can contribute in better transaction costs. A case study at multiple IT-companies and comparison to an existing ERP system module validated the system. A successful simulation showed that multiple parts could read and append data to an immutable storage system for one truth of data. By all counts, and with proven results, the constructed blockchain solution based on encrypted transactions for an ERP system can reduce debugging costs.   It is also shown that a centralized database structure where external and internal systems can get one truth of data, decreases transaction costs. However, it is the decision makers in companies that need to be convinced for the constructed system to be implemented. A problem is also when modifications to the object type, then historical transactions cannot be changed in an immutable storage solution. Blockchain is still a new technology, and the knowledge of the technology and the evolution of the system determines if the proposed software architecture will result in better transaction costs.

ERP

Enterprise Resource Planning

Blockchain

Microservice

Complex systems

Distributed systems

Database

Synchronizing systems

Transaction costs

Engineering and Technology

Teknik och teknologier

Software Engineering

Programvaruteknik

Business Administration

Företagsekonomi

Information Systems

Microservices to Address the Change Challenges in Socio-Technical Evolutionary-Teal Organizations / A Design-Science-Research Approach

Sell, Johann

06 September 2023

Neue Organisationsformen, wie evolutionäre Organisationen, bilden in vielen Kooperationsszenarien sozio-technische Konstrukte mit modernen CSCW Anwendungen aus. Daher erfordern Veränderungen dieser sozialen Systeme eine kontinuierliche Anpassung der technischen Tools an die neuen sozialen Konfigurationen. Diese Dissertation ist als Design Science Research (DSR) Projekt konzipiert und addressiert die folgende Forschungsfrage (RQ): “Wie können soziotechnische, evolutionäre Organisationen die Herausforderungen der joint optimization und des organizational choice während ihrer autopoietischen Veränderungsprozesse addressieren?” Die Fallstudie Viva con Agua de St. Pauli e.V. wurde mittels qualitativer und ethnographischer Methoden im Rahmen der entsprechenden DSR Zyklen untersucht. Das Forschungsprojekt fokussiert die Entwicklung von Artefakten indem sowohl eine technische, als auch eine soziale Perspektive eingenommen wird. Aus der technische Perspektive wird die RQ durch eine Microservice-Plattform adressiert. Die Architektur dient der Verteilung von Verantwortlichkeit für die Software in einem heterogenen Netzwerk von Entwickler:innen. Dabei müssen diverse neue Herausforderungen beachtet werden, wie etwa die Verteilung des User Interface. Durch die Betrachtung der RQ aus der sozialen Perspektive wird der USMU Workshop entwickelt. Dieses Artefakt dient der Verbindung der Charakteristika evolutionärer Organisationen mit agiler Software Entwicklung und mit Methoden des partizipativen Designs. Die Studien zeigen, dass beide Artefakte die RQ adressieren. Zudem konnte ich für beide Artefakte wertvolle Verbesserungsmöglichkeiten aufzeigen. Somit motivieren die Ergebnisse den nächsten Schritt des Projekts und die vorliegende Thesis wird Bestandteil des zyklischen Ablaufs eines DSR Projekts. / The emergence of new types of organizational structures, such as evolutionary-teal organizations, almost always leads to the development of socio-technical constructs when it comes to working in collaboration with modern CSCW applications. A consequence of this is that the social system’s autopoietic change processes create challenges that compel one to adjust the implementation of the technical tool to the social system’s new configuration. This thesis is structured according to the design science research (DSR) approach and focuses on the research question (RQ): “How can socio-technical evolutionary-teal organizations address the challenges of joint optimization and organizational choice during their autopoietic processes?” For this purpose, the case study Viva con Agua de St. Pauli e.V. is investigated using a qualitative ethnographical approach during the DSR cycles. Addressing the RQ, two artifacts are designed from a technical as well as a social perspective. While the technical perspective primarily investigates the adjustments of technology, the social perspective focuses on the management of change in socio-technical evolutionary-teal organizations. I propose a microservice platform as an artifact that addresses the RQ from a technical perspective. The microservice architecture aims at spreading the responsibility for the software through a heterogeneous ecosystem of developers. The newly designed USMU workshop is addressing the RQ from the social perspective. It strives to intertwine the characteristics of evolutionary-teal organizations with agile software development and participatory design methods. In my studies, I examine the fact that both artifacts can be used to address the RQ. Additionally, I was able to identify valuable improvements for both of my artifacts. Hence, the project follows the lifecycle of a DSR project by reasoning through the results presented here for its next iteration.

Sozio-Technik

Microservice

Evolutionäre Organisationen

Joint Optimization

Organizational Choice

Partizipatives Design

Agile Software Entwicklung

UI Fragment Composition

Anforderungserhebung

CSCW

Computer Supported Cooperative Work

Socio-technical systems

Microservices

Evolutionary-teal organizations

Joint Optimization

Organizational Choice

Participatory Design

Agile Software Development

UI Fragment Composition

Requirements Engineering

CSCW

Computer Supported Cooperative Work

004 Informatik

ST 285

ddc:004

ddc:000