Title Participants Abstract "Post-Quantum Impacts on V2X Certificates – Already at The End of The Road" "Takahito Yoshizawa, Bart Preneel" "The current certificate definition for vehicle-to-everything (V2X) communication does not support forward compatibility as it does not take migration toward Post Quantum Cryptography (PQC) into account. As a result, introducing PQC compatible certificates in V2X can result in similar to Distributed Denial-of-Service (DDoS) attack to both legacy and PQC-ready vehicles. This situation will make the deployment of PQC certificates a stalemate situation. In addition, due to the larger public key and signature sizes in PQC algorithms, V2X message size will significantly increase, causing the channel capacity and effective transmission range to decrease. This situation will negatively impact the operation of V2X communication. In this sense, any unnecessary channel usages need to be avoided. We propose to revise the certificate definitions in IEEE 1609 and ETSI Intelligent Transport System (ITS) standards to address and mitigate these issues" "Reusable, Instant and Private Payment Guarantees for Cryptocurrencies" "Kelong Cong, Bart Preneel" "A New Approach To Pseudonym Certificate Management in V2X Communication" "Takahito Yoshizawa, Bart Preneel" "On the Brittleness of Robust Features: An Exploratory Analysis of Model Robustness and Illusionary Robust Features" "Rafa Gálvez Vizcaíno, Davy Preuveneers, Bart Preneel" "Neural networks have been shown to be vulnerable to visual data perturbations imperceptible to the human eye. Nowadays, the leading hypothesis about the reason for the existence of these adversarial examples is the presence of non-robust features, which are highly predictive but brittle. Also, it has been shown that there exist two types of non-robust features depending on whether or not they are entangled with robust features; perturbing non-robust features entangled with robust features can form adversarial examples. This paper extends earlier work by showing that models trained exclusively on robust features are still vulnerable to one type of adversarial example. Standard-trained networks can classify more accurately than robustly trained networks in this situation. Our experiments show that this phenomenon is due to the high correlation between most of the robust features and both correct and incorrect labels. In this work, we define features highly correlated with correct and incorrect labels as illusionary robust features. We discuss how perturbing an image attacking robust models affects the feature space. Based on our observations on the feature space, we explain why standard models are more successful in correctly classifying these perturbed images than robustly trained models. Our observations also show that, similar to changing non-robust features, changing some of the robust features is still imperceptible to the human eye." "Misbehaviour Reporting in ETSI ITS Standard Considered Broken" "Takahito Yoshizawa, Bart Preneel" "Yes We CAN! Towards Bringing Security to Legacy-Restricted Controller Area Networks. A Review" "Wouter Hellemans, Md Masoom Rabbani, Bart Preneel, Nele Mentens" "With the demand for advanced functionality such as autonomous driving, the complexity and connectivity of modern vehicles have faced an overwhelming expansion in recent years. Although the numerous interfaces pave the way for a better user experience, recent research has demonstrated that they can also serve as an attack surface for cybercriminals. Therefore, researchers have been challenged to develop a wide variety of security solutions aiming to solve specific issues.In this paper, we substantiate the need for a holistic security solution for vehicular networks. Specifically, we observe that current state-of-the-art security solutions are often subject to layer-specific issues. To mitigate this problem, the need arises to develop solutions working across all the layers of the network stack." "Let's Go Eevee! A Friendly and Suitable Family of AEAD Modes for IoT-to-Cloud Secure Computation" "Amit Singh Bhati, Erik Pohle, Aysajan Aishajiang, Bart Preneel" "Not Only for Contact Tracing: Use of Belgium’s Contact Tracing App among Young Adults" "Bart Preneel" "Many countries developed and deployed contact tracing apps to reduce the spread of the COVID-19 coronavirus. Prior research explored people's intent to install these apps, which is necessary to ensure effectiveness. However, adopting contact tracing apps is not enough on its own, and much less is known about how people actually use these apps. Exploring app use can help us identify additional failures or risk points in the app life cycle. In this study, we conducted 13 semi-structured interviews with young adult users of Belgium's contact-tracing app, Coronalert. The interviews were conducted approximately a year after the onset of the COVID-19 pandemic. Our findings offer potential design directions for addressing issues identified in prior work - such as methods for maintaining long-term use and better integrating with the local health systems - and offer insight into existing design tensions such as the trade-off between maintaining users' privacy (by minimizing the personal data collected) and users' desire to have more information about an exposure incident. We distill from our results and the results of prior work a framework of people's decision points in contact-tracing app use that can serve to motivate careful design of future contact tracing technology." "On Handling of Certificate Digest in V2X Communication" "Takahito Yoshizawa, Bart Preneel" "An efficient and physically secure privacy-preserving authentication scheme for Vehicular Ad-hoc NETworks (VANETs)" "Bart Preneel" "Vehicular ad-hoc networks (VANETs) can substantially improve traffic safety, and efficiency by providing a communication platform between vehicles and roadside units (RSUs) to share real-time information on traffic and road conditions. Two essential security requirements for VANETS are data authentication and the preservation of the privacy of vehicle owners. Conditional privacy-preserving authentication (CPPA) schemes address both of these security requirements. The existing CPPA schemes either require a tamper-resistant device (TRD), which is vulnerable to key exposure based on physical attacks or require continuous communications of vehicles with RSUs, which significantly increases the communication overhead. This paper addresses both of these problems by proposing a provable secure, and efficient CPPA scheme. We prove the privacy-preserving property of our scheme in the random oracle model and show that it offers anonymity, unlinkability, and tamper detection even if a physical attacker succeeds in compromising an individual OBU. Moreover, the performance analysis of our scheme shows a substantial improvement in communication cost, especially in comparison with RSU-aided schemes that require continuous vehicle communication with roadside units and a Trusted Authority (TA)."