1

Credentials Revocation in Vehicular Networks:Design & Evaluation

Ghita Mezzour Panos Papadimitratos

2

Overview

Introduction Regional CRL CRL broadcast at low rate Results Conclusion

3

System model – General

CA RRoot CA

CA ARegion A

CA BRegion B

CA CRegion C

4

System model – Regional CA

Certification authority (CA)

Road Side Units (RSUs) Wired communication with the CA

Wireless communication with vehicles

Each vehicle has A unique identity V A pair of private and public keys

{kV , KV}

A certificate Cert {V, KV, Lf, attr}CA

Each message

Signed Accompagnied by the sender’s cert Accepted only within the region of the responsible CA

5

Problem statement

Vehicles can ‘misbehave’ Attackers : tampered software and hardware Mulfunctioning devices Stolen vehicles Administrative reasons

Once detected, it is necessary to revoke their credentials

6

Challenges & Constraints

Scalability Large number of revoked vehicles Large number of equipped vehicles that need the revocation information

Communication between RSUs and vehicles Non-pervasive Short contact times Bandwidth constrained

7

Classical credential management schemes (1/2) Certificates revocation lists (CRLs)

Long lived certificates e.g. 1 year CRL contains not yet expired certificates that were revoked

CA periodically issues a CRL CRL can become very large

8

Classical credential management schemes (2/2) CRL and -CRL

CRL issued e.g every month -CRL issued e.g every day or week Problem if some revocation piece is not received

Short lived certificates Short cert lifetime e.g. 1 day or 1 week Get a new certificate when certificate expires Overhead of issuing new Certs

9

Related work

[RPAJH JSAC 2007] propose two revocation schemes Revocation of the Trusted Component (RTC)

Reduces the number of Cert in the CRL

Requires to geographically localize vehicles Revocation using Compressed Certificate Revocation Lists (RC2RL)

CRLs are lossly compressed using Bloom Filters

Scalable

Some legitimate nodes may get revoked as well

10

CRL based approach

Widely used and tested in many systems

Robust

No false positive

Scalability issues

11

Agenda

Introduction Regional CRL CRL broadcast at low rate Results Conclusion

12

CRL size

Expected CRL size

E(NCRL) = Nv * p * r * (Lf /2) Nv Total number of vehicles

p Percentage of equipped vehicles

r Percentage of revoked vehicles per day

Lf Certificate lifetime

France Nv = 5.106, 3.105 stolen vehicles per year => 100 – 200 KBytes

13

Foreigner Cert (1/2)

{a, Ka, fr}B {KB}Root

{a, Ka}A

{a, Ka}A

B

A{a, Ka, fr}B

{a, Ka}A Regular Cert of vehicle a by CAA

{a, Ka, fr}B Foreigner Cert of vehicle a by CAB

14

Foreigner Cert (2/2)

Delivery protocol

Characteristics CAs have global revocation information Need to present a valid regular Cert Short lifetime Only valid inside B

a

B{a, current time}ka, {a, Ka}A

{a, Ka, fr}B, {B, KB}Root

{a, ACK, current time}ka

If a CRLA

15

Revocation –Misbehavior in the home region

A

a

Insert {a} in CRLA

B

{a, Ka}A

a in CRLA

16

Misbehavior of a

Revocation – Mibehavior in a host region

B

Insert {a,fr} in CRLB

A

Insert {a} in CRLA

C

{a, Ka}A

a in CRLA

{a, Ka}A

{a, Ka, fr}B

{a, Ka, fr}B

a not in CRLA

17

Foreigner Cert lifetime

Short lifetime Journeys in host regions are typically short

One week or one month lifetime Small overhead of issuing foreigner Certs Foreigner Certs in CRLs Periodical check of regular Certs that were issued a foreigner Cert

One day lifetime Overhead of issuing new foreigner Certs if long journey Implicit revocation: no foreigner Certs in CRLs

18

Summary

CAs need global revocation information Vehicles needs regional revocation information CRL of a region A contains

Certs of region A Foreigner Certs of foreign vehicles that misbehaved while in A

Small number Short lifetime

=> Short CRLs

19

Agenda

Introduction Regional CRL CRL broadcast at low rate Results Conclusion

20

CA - vehicles communication

Satellites Wide coverage Satellite receivers may not be compulsory Low and expensive bandwidth Satellite usage loyalties

Cell phones Expensive

WLAN, buses City infrastructure Present in remote areas

RSUs Non-pervasive Short contact times Bandwidth constrained VANET infrastructure

21

Background - Erasure codes

Erasure codes for data transmission The data is cut into M pieces The blocks are encoded into N >> M encoding pieces Reception of any slightly larger subset of pieces is enough to recover the

original data

22

Background – Fountain codes

Fountain codes e.g. Raptor code for data transmission The data is cut into M pieces The blocks are encoded into a potentially limitless encoded symboly Reception of any (1 + )M subset of pieces is enough to recover the data

23

How it works (1/2)

CRL is encoded using an Erasure code / fountain code

RSUs broadcast the encoded CRL pieces

Vehicles collect CRL pieces as they encounter RSUs

Vehicles recover the entire CRL when they receive enough pieces

24

How it works (2/2)

Erasure code: RSUs Shuffles the N pieces pseudorandomly Broadcasts them When the N pieces are over, it starts the

broadcast again

Fountain code: RSUs Broadcast the encoded pieces

25

Summary

Broadcast based on Erasure/fountain codes No collaboration between RSUs No synchronized Broadcast schedule

Requirements Vehicles complete the CRL reception fast Small overhead to the system

26

Agenda

Introduction Regional CRL CRL broadcast at low rate Results Conclusion

27

Number of pieces to receive

Number of pieces to be received to complete the reception of the CRL (99.99% confidence)

Erasure codes

M Number of uncoded CRL pieces

N Number of encoded CRL pieces Raptor code

M Number of CRL pieces

Code parameter affects the compltexity

Mi

Mitot

iN

iN

iN

NP 1 21

)(*9.3

MPtot 1

28

CRL bcstBandwidth B

RSU

CA

v

R

D

R

Time to complete the CRL

Total time to complete the CRL

Ptot Number of pieces to be received

sz Size of a CRL piece + overhead

v Speed of the vehicle

B Bandwidth of the CRL broadcast

R Range of RSUs

D Distance between encountering RSUs

RDR

RB

vszP

vT tot *

*1

29

Coding schemes comparison

Total number of pieces to be received to complete the reception of the CRL (99.99% cofidence) vs. Number of pieces in the CRL

30

Broadcast bandwidth – RSU range

Time duration to complete the reception of the CRL

vs. CRL broadcast bandwidth

200 KB CRL, D = 500m, v = 60 km/h

31

Vehicle speed – Distance between RSUs

Time duration to complete the CRL vs. vehicle speed

200KB CRL, B = 3KBytes/s, R = 300m

32

City vs. Highway scenario

City scenario

V = 40 km/h, dense RSUs

Highway scenario

V = 120 km/h, less dense RSUs

200 KB CRL

33

References

M. Raya, P. Papadimitratos, I. Aad, D. Jungels, and J. –P. Hubaux, Eviction of Misbehaving and Faulty Nodes in Vehicular Networks,  IEEE Journal on Selected Areas in Communications (JSAC), Special Issue on Vehicular Network, 4th Quarter, 2007

Ronald L. Rivest. Can we eliminate certificate revocation lists? In Rafael Hirschfeld, editor, Financial Cryptography, volume 1465, page 178-183, anguilla, British West Indies, February 1998. Springer

34

Conclusion

Revocation is crucial for VANET Challenging due to special environmental constraints CRL approach can be adapted

Regional CRL (Foreigner Certs) Low rate bandwidth (Erasure/fountain codes)