ABSTRACT
We present a certificate access management system to support the USDOT's proposed rule on Vehicle-to-Vehicle (V2V) communications, Federal Motor Vehicle Safety Standard (FMVSS) No. 150. Our proposal, which we call Binary Hash Tree based Certificate Access Management (BCAM), eliminates the need for vehicles to have bidirectional connectivity with the Security Credential Management System (SCMS) for certificate updates. BCAM significantly improves the ability of the SCMS to manage large-scale software and/or hardware compromise events. Vehicles are provisioned at the start of their lifetime with all the certificates they will need. However, certificates and corresponding private key reconstruction values are provided to the vehicle encrypted, and the keys to decrypt them are only made available to the vehicles shortly before the start of the validity periods of those certificates. Vehicles that are compromised can be effectively removed from the V2V system by preventing them from decrypting the certificates. We demonstrate that the system is feasible with a broadcast channel for decryption keys and other revocation information, even if that channel has a relatively low capacity.
Reproducibility VM download link: https://drive.google.com/open?id=0B4ozf__jZFRs7VmhqampHczhBTkU
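As an added illustration of the access-control idea in the abstract (this is not code from the paper or its reproducibility VM): a binary hash tree whose leaves stand for vehicles, with every node value derived from its parent by a keyed hash, so the SCMS can broadcast a handful of node values that let each non-revoked vehicle derive its per-period decryption key while a revoked leaf is never covered. The derivation labels, tree depth and period-key step are assumptions, not the paper's exact construction.

```python
import hashlib
import hmac

DEPTH = 3  # toy tree: 2**DEPTH = 8 vehicles, leaf index = vehicle id

def child(key: bytes, bit: int) -> bytes:
    # Assumed derivation (not the paper's exact KDF): keyed hash over a position label.
    return hmac.new(key, b"child-%d" % bit, hashlib.sha256).digest()

def leaf_path(vehicle: int) -> str:
    return format(vehicle, f"0{DEPTH}b")

def node_key(start: bytes, path: str) -> bytes:
    # Walk down from a node value along a bit path; path "" returns the start value.
    for b in path:
        start = child(start, int(b))
    return start

def period_key(leaf_key: bytes, period: int) -> bytes:
    # Per-validity-period decryption key, derivable only from the vehicle's leaf value.
    return hmac.new(leaf_key, b"period-%d" % period, hashlib.sha256).digest()

def cover(revoked) -> list:
    """Fewest nodes whose subtrees contain every non-revoked leaf and no revoked one."""
    def rec(path):
        under = [v for v in range(2 ** DEPTH) if leaf_path(v).startswith(path)]
        if not any(v in revoked for v in under):
            return [path]
        if len(path) == DEPTH:
            return []  # revoked leaf: its value is never broadcast
        return rec(path + "0") + rec(path + "1")
    return rec("")

def broadcast(root: bytes, revoked) -> dict:
    # SCMS side: publish only the node values covering non-revoked vehicles.
    return {p: node_key(root, p) for p in cover(revoked)}

def recover(vehicle: int, msg: dict, period: int):
    # Vehicle side: find a published ancestor and derive the period key beneath it.
    mine = leaf_path(vehicle)
    for path, value in msg.items():
        if mine.startswith(path):
            return period_key(node_key(value, mine[len(path):]), period)
    return None  # no ancestor published: this vehicle is revoked

def demo(revoked=frozenset({5}), period=7):
    root = b"constructed SCMS root secret"  # sample value, not a real key
    msg = broadcast(root, revoked)
    scms_key = period_key(node_key(root, leaf_path(2)), period)  # key used to encrypt
    return sorted(msg), recover(2, msg, period) == scms_key, recover(5, msg, period)
```

With vehicle 5 revoked the broadcast carries three node values instead of seven leaf keys, which is the bandwidth saving the abstract relies on for a low-capacity channel.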