Towards deploying a scalable & robust vehicular identity and credential management infrastructure

Several years of academic and industrial research efforts have converged to a common understanding on fundamental security building blocks for the upcoming Vehicular Communication (VC) systems. There is a growing consensus towards deploying a Vehicular Public-Key Infrastructure (VPKI) enables pseudonymous authentication, with standardization efforts in that direction. However, there are still significant technical issues that remain unresolved. Existing proposals for instantiating the VPKI either need additional detailed specifications or enhanced security and privacy features. Equally important, there is limited experimental work that establishes the VPKI efficiency and scalability. In this paper, we are concerned with exactly these issues. We leverage the common VPKI approach and contribute an enhanced system with precisely defined, novel features that improve its resilience and the user privacy protection. In particular, we depart from the common assumption that the VPKI entities are fully trusted and we improve user privacy in the face of an honest-but-curious security infrastructure. Moreover, we fully implement our VPKI, in a standard-compliant manner, and we perform an extensive evaluation. Along with stronger protection and richer functionality, our system achieves very significant performance improvement over prior systems - contributing the most advanced VPKI towards deployment.

[1]  J.-P. Hubaux,et al.  Architecture for Secure and Private Vehicular Communications , 2007, 2007 7th International Conference on ITS Telecommunications.

[2]  Frank Kargl,et al.  PREparing SEcuRe VEhicle-to-X Communication Systems , 2011 .

[3]  Panagiotis Papadimitratos,et al.  On the Performance of Secure Vehicular Communication Systems , 2011, IEEE Transactions on Dependable and Secure Computing.

[4]  Panagiotis Papadimitratos,et al.  VeSPA: vehicular security and privacy-preserving architecture , 2013, HotWiSec '13.

[5]  Pekka Nikander,et al.  DOS-Resistant Authentication with Client Puzzles , 2000, Security Protocols Workshop.

[6]  Kpatcha M. Bayarou,et al.  Copra: Conditional pseudonym resolution algorithm in VANETs , 2013, 2013 10th Annual Conference on Wireless On-demand Network Systems and Services (WONS).

[7]  Panagiotis Papadimitratos,et al.  Towards a secure and privacy-preserving multi-service vehicular architecture , 2013, 2013 IEEE 14th International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM).

[8]  William Whyte,et al.  A security credential management system for V2V communications , 2013, 2013 IEEE Vehicular Networking Conference.

[9]  Panagiotis Papadimitratos,et al.  SEROSA: SERvice oriented security architecture for Vehicular Communications , 2013, 2013 IEEE Vehicular Networking Conference.

[10]  Panagiotis Papadimitratos,et al.  Vehicular communication systems: Enabling technologies, applications, and future outlook on intelligent transportation , 2009, IEEE Communications Magazine.

[11]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[12]  Michael Weber,et al.  V-Tokens for Conditional Pseudonymity in VANETs , 2010, 2010 IEEE Wireless Communication and Networking Conference.

[13]  Panagiotis Papadimitratos,et al.  Impact of vehicular communications security on transportation safety , 2008, IEEE INFOCOM Workshops 2008.

[14]  Panagiotis Papadimitratos,et al.  Eviction of Misbehaving and Faulty Nodes in Vehicular Networks , 2007, IEEE Journal on Selected Areas in Communications.

[15]  Eylem Ekici,et al.  Wireless Access in Vehicular Environments , 2009, EURASIP J. Wirel. Commun. Netw..

[16]  Panagiotis Papadimitratos “On the Road” - Reflections on the security of Vehicular communication systems , 2008, 2008 IEEE International Conference on Vehicular Electronics and Safety.

[17]  Carlisle M. Adams,et al.  X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP , 1999, RFC.

[18]  Carlisle M. Adams,et al.  Internet X.509 Certificate Request Message Format , 1999, RFC.

[19]  Elmar Schoch,et al.  A Generic Public Key Infrastructure for Securing Car-to-X Communication , 2011 .

[20]  Panagiotis Papadimitratos,et al.  Fast Exclusion of Errant Devices from Vehicular Networks , 2008, 2008 5th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks.

[21]  Panagiotis Papadimitratos,et al.  Secure vehicular communication systems: design and architecture , 2008, IEEE Communications Magazine.

[22]  Elaine Shi,et al.  TACKing Together Efficient Authentication, Revocation, and Privacy in VANETs , 2009, 2009 6th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks.

[23]  Panagiotis Papadimitratos,et al.  Securing Vehicular Communications - Assumptions, Requirements, and Principles , 2006 .

[24]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[25]  Panagiotis Papadimitratos,et al.  Scalable & Resilient Vehicle-Centric Certificate Revocation List Distribution in Vehicular Communication Systems , 2020, IEEE Transactions on Mobile Computing.