Binary Hash Tree based Certificate Access Management

We present a certificate access management system to support the USDOT’s proposed rule on Vehicle-to-Vehicle (V2V) communications, Federal Motor Vehicle Safety Standard (FMVSS) No. 150. Our proposal, which we call Binary Hash Tree based Certificate Access Management (BCAM), eliminates the need for vehicles to have bidirectional connectivity with the Security Credential Management System (SCMS) for certificate updates. BCAM significantly improves the ability of the SCMS to manage large-scale software and/or hardware compromise events. Vehicles are provisioned at the start of their lifetime with all the certificates they will need. However, the certificates and the corresponding private key reconstruction values are provided to the vehicle encrypted, and the keys to decrypt them are made available to the vehicles only shortly before the start of the validity periods of those certificates. Compromised vehicles can be effectively removed from the V2V system by preventing them from decrypting their certificates. We demonstrate that the system is feasible with a broadcast channel for decryption keys and other revocation information, even if that channel has a relatively low capacity.
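
The sketch below is an added example, not code from the paper: it shows how a binary hash tree lets one broadcast release per-period decryption keys to every vehicle except the revoked ones. The SHA-256 child derivation, the bit-string leaf labels, the 8-leaf tree and all function names are assumptions chosen for illustration.

```python
import hashlib

DEPTH = 3  # constructed toy size: 2**3 = 8 vehicles, one leaf each

def period_root(master: bytes, period: int) -> bytes:
    """Assumed per-period tree root, known only to the SCMS."""
    return hashlib.sha256(master + period.to_bytes(4, "big")).digest()

def child(key: bytes, bit: int) -> bytes:
    """One-way step down the tree: a parent key yields both children,
    but a child key reveals nothing about its parent or sibling."""
    return hashlib.sha256(key + bytes([bit])).digest()

def node_key(start: bytes, path: str) -> bytes:
    """Key reached from `start` by following the bit string `path`."""
    key = start
    for b in path:
        key = child(key, int(b))
    return key

def cover(revoked: set, prefix: str = "") -> list:
    """Smallest set of subtree roots that contains no revoked leaf."""
    if not any(r.startswith(prefix) for r in revoked):
        return [prefix]          # whole subtree is clean: publish its root
    if len(prefix) == DEPTH:
        return []                # this leaf is revoked: publish nothing
    return cover(revoked, prefix + "0") + cover(revoked, prefix + "1")

def broadcast(root: bytes, revoked: set) -> dict:
    """SCMS side: node keys sent over the one-way broadcast channel."""
    return {p: node_key(root, p) for p in cover(revoked)}

def vehicle_key(leaf: str, message: dict):
    """Vehicle side: hash down from a published ancestor to its own leaf
    key, which would decrypt that period's stored certificates."""
    for path, key in message.items():
        if leaf.startswith(path):
            return node_key(key, leaf[len(path):])
    return None                  # no ancestor published: vehicle locked out

if __name__ == "__main__":
    root = period_root(b"constructed-master-secret", period=42)
    msg = broadcast(root, revoked={"101"})
    print(sorted(msg))                          # published node labels
    print(vehicle_key("010", msg) is not None)  # healthy vehicle
    print(vehicle_key("101", msg))              # revoked vehicle
```

With one revoked leaf the broadcast carries one node key per tree level rather than one key per vehicle, which is why a low-capacity channel can suffice.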
