SePCAR: A Secure and Privacy-Enhancing Protocol for Car Access Provision

  • Iraklis SymeonidisEmail author
  • Abdelrahaman Aly
  • Mustafa Asan Mustafa
  • Bart Mennink
  • Siemen Dhooghe
  • Bart Preneel
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10493)


We present an efficient secure and privacy-enhancing protocol for car access provision, named SePCAR. The protocol is fully decentralised and allows users to share their cars conveniently without sacrifising their security and privacy. It provides generation, update, revocation, and distribution mechanisms for access tokens to shared cars, as well as procedures to solve disputes and to deal with law enforcement requests, for instance in the case of car incidents. We prove that SePCAR meets its appropriate security and privacy requirements and that it is efficient: our practical efficiency analysis through a proof-of-concept implementation shows that SePCAR takes only 1.55 s for a car access provision.



This work was supported in part by the Research Council KU Leuven: C16/15/058 and GOA TENSE (GOA/11/007). Bart Mennink is supported by a postdoctoral fellowship from the Netherlands Organisation for Scientific Research (NWO) under Veni grant 016.Veni.173.017.


  1. 1.
    Araki, T., Furukawa, J., Lindell, Y., Nof, A., Ohara, K.: High-throughput semi-honest secure three-party computation with an honest majority. In: Proceedings of the 2016 ACM SIGSAC CCS, pp. 805–817 (2016)Google Scholar
  2. 2.
    Balasch, J., Rial, A., Troncoso, C., Preneel, B., Verbauwhede, I., Geuens, C.: PrETP: privacy-preserving electronic toll pricing. In: USENIX, pp. 63–78 (2010)Google Scholar
  3. 3.
    Bellare, M., Boldyreva, A., Micali, S.: Public-key encryption in a multi-user setting: security proofs and improvements. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 259–274. Springer, Heidelberg (2000). doi: 10.1007/3-540-45539-6_18CrossRefGoogle Scholar
  4. 4.
    Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: FOCS, pp. 394–403 (1997)Google Scholar
  5. 5.
    Bellare, M., Kilian, J., Rogaway, P.: The security of the cipher block chaining message authentication code. J. Comput. Syst. Sci. 61(3), 362–399 (2000). Scholar
  6. 6.
    Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: STOC, pp. 1–10. ACM (1988)Google Scholar
  7. 7.
    Bert, J., Collie, B., Gerrits, M., Xu, G.: What’s ahead for car sharing?: the new mobility and its impact on vehicle sales. Accessed June 2017
  8. 8.
    BMW: DriveNow Car Sharing. Accessed Nov 2016
  9. 9.
    Council of the EU Final Compromised Resolution: General Data Protection Regulation. Accessed Feb 2015
  10. 10.
    Damgård, I., Fitzi, M., Kiltz, E., Nielsen, J.B., Toft, T.: Unconditionally secure constant-rounds multi-party computation for equality, comparison, bits and exponentiation. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 285–304. Springer, Heidelberg (2006). doi: 10.1007/11681878_15CrossRefGoogle Scholar
  11. 11.
    Damgård, I., Keller, M.: Secure multiparty AES. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 367–374. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-14577-3_31CrossRefGoogle Scholar
  12. 12.
    Damgård, I., Pastro, V., Smart, N., Zakarias, S.: Multiparty computation from somewhat homomorphic encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 643–662. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-32009-5_38CrossRefGoogle Scholar
  13. 13.
    Fireball, D.: Regarding Uber’s New ‘Always’ Location Tracking. Accessed Apr 2017
  14. 14.
    Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchanges. Des. Codes Crypt. 2(2), 107–125 (1992). Scholar
  15. 15.
    Dmitrienko, A., Plappert, C.: Secure free-floating car sharing for offline cars. In: ACM CODASPY, pp. 349–360 (2017)Google Scholar
  16. 16.
    Enev, M., Takakuwa, A., Koscher, K., Kohno, T.: Automobile driver fingerprinting. PoPETs 2016(1), 34–50 (2016)Google Scholar
  17. 17.
    EVITA: E-safety Vehicle Intrusion Protected Applications (EVITA). Accessed Nov 2016
  18. 18.
    Furukawa, J., Lindell, Y., Nof, A., Weinstein, O.: High-throughput secure three-party computation for malicious adversaries and an honest majority. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 225–255. Springer, Cham (2017). doi: 10.1007/978-3-319-56614-6_8CrossRefGoogle Scholar
  19. 19.
    Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792–807 (1986)MathSciNetCrossRefzbMATHGoogle Scholar
  20. 20.
    Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  21. 21.
    GOV.UK: reducing mobile phone theft and improving security. Accessed Apr 2017
  22. 22.
    International Organization for Standardization: ISO/IEC 9797-1:2011. Accessed June 2017
  23. 23.
    Internet Engineering Task Force: PKCS #1: RSA Cryptography Specifications Version 2.0. Accessed June 2017
  24. 24.
    Internet Engineering Task Force: Use of the RSA-KEM Key Transport Algorithm in the Cryptographic Message Syntax (CMS). Accessed June 2017
  25. 25.
    INVERS: Make Mobility Shareable. Accessed Apr 2017
  26. 26.
    Keller, M., Orsini, E., Scholl, P.: MASCOT: faster malicious arithmetic secure computation with oblivious transfer. In: ACM SIGSAC, pp. 830–842 (2016)Google Scholar
  27. 27.
    Kerschbaum, F., Lim, H.W.: Privacy-preserving observation in public spaces. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9327, pp. 81–100. Springer, Cham (2015). doi: 10.1007/978-3-319-24177-7_5CrossRefGoogle Scholar
  28. 28.
    Khodaei, M., Jin, H., Papadimitratos, P.: Towards deploying a scalable & robust vehicular identity and credential management infrastructure. CoRR (2016)Google Scholar
  29. 29.
    Lipmaa, H., Toft, T.: Secure equality and greater-than tests with sublinear online complexity. In: Fomin, F.V., Freivalds, R., Kwiatkowska, M., Peleg, D. (eds.) ICALP 2013. LNCS, vol. 7966, pp. 645–656. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-39212-2_56CrossRefGoogle Scholar
  30. 30.
    Micali, S.: Algorand: the efficient and democratic ledger (2016). arXiv:1607.01341
  31. 31.
    Mustafa, M.A., Zhang, N., Kalogridis, G., Fan, Z.: Roaming electric vehicle charging and billing: An anonymous multi-user protocol. In: IEEE SmartGridComm, pp. 939–945 (2014)Google Scholar
  32. 32.
    Naphade, M.R., Banavar, G., Harrison, C., Paraszczak, J., Morris, R.: Smarter cities and their innovation challenges. IEEE Comput. 44(6), 32–39 (2011)CrossRefGoogle Scholar
  33. 33.
    OpenSSL: Cryptography and SSL/TLS Toolkit. Accessed Apr 2017
  34. 34.
    PRESERVE: Preparing Secure Vehicle-to-X Communication Systems (PRESERVE). Accessed Nov 2016
  35. 35.
    Ramamurthy, H., Prabhu, B., Gadh, R., Madni, A.M.: Wireless industrial monitoring and control using a smart sensor platform. IEEE Sens. J. 7(5), 611–618 (2007)CrossRefGoogle Scholar
  36. 36.
    Raya, M., Papadimitratos, P., Hubaux, J.: Securing vehicular communications. IEEE Wirel. Commun. 13(5), 8–15 (2006)CrossRefGoogle Scholar
  37. 37.
    reddit: identifying Muslim cabbies from trip data and prayer times. Accessed Apr 2017
  38. 38.
    Rogaway, P., Shrimpton, T.: Cryptographic hash-function basics: definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 371–388. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-25937-4_24CrossRefGoogle Scholar
  39. 39.
    Shaheen, S.A., Cohen, A.P.: Car sharing and personal vehicle services: worldwide market developments and emerging trends. Int. J. Sustain. Transp. 7(1), 5–34 (2013)CrossRefGoogle Scholar
  40. 40.
    Symeonidis, I., Mustafa, M.A., Preneel, B.: Keyless car sharing system: a security and privacy analysis. In: IEEE ISC2, pp. 1–7 (2016)Google Scholar
  41. 41.
    Guardian, T.: Hell of a ride: even a PR powerhouse couldn’t get Uber on track. Accessed Apr 2017
  42. 42.
    Tor: METRICS. Accessed Apr 2017
  43. 43.
    Tor Project: protect your privacy. Defend yourself against network surveillance and traffic analysis. Accessed Apr 2017
  44. 44.
    Troncoso, C., Danezis, G., Kosta, E., Balasch, J., Preneel, B.: PriPAYD: privacy-friendly pay-as-you-drive insurance. IEEE TDSC 8(5), 742–755 (2011)Google Scholar
  45. 45.
    Trusted Computing Group: TPM 2.0 Library Profile for Automotive-Thin. Accessed June 2016
  46. 46.
    United States Patent, Trademark Office. Applicant: Apple Inc.: accessing a vehicle using portable devices. Accessed June 2017
  47. 47.
    USA TODAY: Toyota will test keyless car sharing. Accessed Nov 2016
  48. 48.
    Volvo: Worth a Detour. Accessed Nov 2016
  49. 49.
    Wielinski, G., Trépanier, M., Morency, C.: Electric and hybrid car use in a free-floating carsharing system. Int. J. Sustain. Transp. 11(3), 161–169 (2017)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Iraklis Symeonidis
    • 1
    Email author
  • Abdelrahaman Aly
    • 1
  • Mustafa Asan Mustafa
    • 1
  • Bart Mennink
    • 2
  • Siemen Dhooghe
    • 1
  • Bart Preneel
    • 1
  1. 1.imec-COSICKU LeuvenLeuvenBelgium
  2. 2.Radboud UniversityNijmegenThe Netherlands

Personalised recommendations