ACPC: Efficient revocation of pseudonym certificates using activation codes

Abstract

Vehicular communication (V2X) technologies allow vehicles to exchange information about the road conditions and their own status, and thereby enhance transportation safety and efficiency. For broader deployment, however, such technologies are expected to address security and privacy concerns, preventing abuse by users and by the system’s entities. In particular, the system is expected to enable the revocation of malicious vehicles, e.g., in case they send invalid information to their peers or to the roadside infrastructure; it should also prevent the system from being misused for tracking honest vehicles. Both features are enabled by Vehicular Public Key Infrastructure (VPKI) solutions such as Security Credential Management Systems (SCMS), one of the leading candidates for protecting V2X communication in the United States. Unfortunately, though, SCMS’s original revocation mechanism can lead to large Certificate Revocation Lists (CRLs), which in turn impact the bandwidth usage and processing overhead of the system. In this article, we propose a novel design called Activation Codes for Pseudonym Certificates (ACPC), which can be integrated into SCMS to address this issue. Our proposal is based on activation codes: short bit-strings, periodically distributed to non-revoked vehicles using an efficient broadcast mechanism, without which a vehicle cannot use the certificates previously issued to it. As a result, the identifiers of the corresponding certificates do not need to remain on the CRL for a long time, reducing the CRLs’ size and streamlining both their distribution and the verification of any vehicle’s revocation status. Besides describing ACPC in detail, we also compare it to similar-purpose solutions such as Issue First Activate Later (IFAL) and Binary Hash Tree based Certificate Access Management (BCAM). This analysis shows that our proposal not only improves privacy (e.g., in terms of resilience against colluding system authorities), but also leads to processing and bandwidth overheads that are orders of magnitude smaller than those observed in the state of the art.
