1
Credentials Revocation in Vehicular Networks: Design & Evaluation
Ghita Mezzour, Panos Papadimitratos
2
Overview
Introduction
Regional CRL
CRL broadcast at low rate
Results
Conclusion
3
System model – General
CA R (Root CA)
CA A (Region A)
CA B (Region B)
CA C (Region C)
4
System model – Regional CA
Certification authority (CA)
Road Side Units (RSUs)
  Wired communication with the CA
  Wireless communication with vehicles
Each vehicle has
  A unique identity V
  A pair of private and public keys {kV, KV}
  A certificate Cert {V, KV, Lf, attr}CA
Each message
  Signed
  Accompanied by the sender’s cert
  Accepted only within the region of the responsible CA
5
Problem statement
Vehicles can ‘misbehave’
  Attackers: tampered software and hardware
  Malfunctioning devices
  Stolen vehicles
  Administrative reasons
Once detected, it is necessary to revoke their credentials
6
Challenges & Constraints
Scalability
  Large number of revoked vehicles
  Large number of equipped vehicles that need the revocation information
Communication between RSUs and vehicles
  Non-pervasive
  Short contact times
  Bandwidth constrained
7
Classical credential management schemes (1/2)
Certificate revocation lists (CRLs)
  Long-lived certificates, e.g. 1 year
  CRL contains not yet expired certificates that were revoked
  CA periodically issues a CRL
  CRL can become very large
8
Classical credential management schemes (2/2)
CRL and Δ-CRL
  CRL issued e.g. every month
  Δ-CRL issued e.g. every day or week
  Problem if some revocation piece is not received
Short-lived certificates
  Short cert lifetime, e.g. 1 day or 1 week
  Get a new certificate when the certificate expires
  Overhead of issuing new Certs
9
Related work
[RPAJH JSAC 2007] propose two revocation schemes
Revocation of the Trusted Component (RTC)
  Reduces the number of Certs in the CRL
  Requires geographically localizing vehicles
Revocation using Compressed Certificate Revocation Lists (RC2RL)
  CRLs are lossily compressed using Bloom filters
  Scalable
  Some legitimate nodes may get revoked as well
10
CRL based approach
Widely used and tested in many systems
Robust
No false positives
Scalability issues
11
Agenda
Introduction
Regional CRL
CRL broadcast at low rate
Results
Conclusion
12
CRL size
Expected CRL size
  E(NCRL) = Nv * p * r * (Lf / 2)
  Nv: Total number of vehicles
  p: Percentage of equipped vehicles
  r: Percentage of revoked vehicles per day
  Lf: Certificate lifetime
France: Nv = 5·10^6, 3·10^5 stolen vehicles per year => 100 – 200 KBytes
13
Foreigner Cert (1/2)
[Figure: regions A and B; vehicle a carries {a, Ka}A and receives {a, Ka, fr}B with {KB}Root]
{a, Ka}A: Regular Cert of vehicle a by CAA
{a, Ka, fr}B: Foreigner Cert of vehicle a by CAB
14
Foreigner Cert (2/2)
Delivery protocol
  a -> B: {a, current time}ka, {a, Ka}A
  B -> a: {a, Ka, fr}B, {B, KB}Root (if a not in CRLA)
  a -> B: {a, ACK, current time}ka
Characteristics
  CAs have global revocation information
  Need to present a valid regular Cert
  Short lifetime
  Only valid inside B
15
Revocation – Misbehavior in the home region
[Figure: regions A and B, vehicle a]
  A: Insert {a} in CRLA
  B: {a, Ka}A, a in CRLA
16
Revocation – Misbehavior in a host region
[Figure: regions A, B and C, vehicle a]
  B: {a, Ka}A, a not in CRLA; {a, Ka, fr}B
  Misbehavior of a
  B: Insert {a,fr} in CRLB
  A: Insert {a} in CRLA
  C: {a, Ka}A, a in CRLA
17
Foreigner Cert lifetime
Short lifetime
  Journeys in host regions are typically short
One week or one month lifetime
  Small overhead of issuing foreigner Certs
  Foreigner Certs in CRLs
  Periodical check of regular Certs that were issued a foreigner Cert
One day lifetime
  Overhead of issuing new foreigner Certs if long journey
  Implicit revocation: no foreigner Certs in CRLs
18
Summary
CAs need global revocation information
Vehicles need regional revocation information
CRL of a region A contains
  Certs of region A
  Foreigner Certs of foreign vehicles that misbehaved while in A
    Small number
    Short lifetime
=> Short CRLs
19
Agenda
Introduction
Regional CRL
CRL broadcast at low rate
Results
Conclusion
20
CA - vehicles communication
Satellites
  Wide coverage
  Satellite receivers may not be compulsory
  Low and expensive bandwidth
  Satellite usage royalties
Cell phones
  Expensive
WLAN, buses
  City infrastructure
  Present in remote areas
RSUs
  Non-pervasive
  Short contact times
  Bandwidth constrained
  VANET infrastructure
21
Background - Erasure codes
Erasure codes for data transmission
  The data is cut into M pieces
  The blocks are encoded into N >> M encoded pieces
  Reception of any slightly larger subset of pieces is enough to recover the original data
22
Background – Fountain codes
Fountain codes, e.g. Raptor code, for data transmission
  The data is cut into M pieces
  The blocks are encoded into a potentially limitless number of encoded symbols
  Reception of any (1 + ε)M subset of pieces is enough to recover the data
23
How it works (1/2)
CRL is encoded using an Erasure code / fountain code
RSUs broadcast the encoded CRL pieces
Vehicles collect CRL pieces as they encounter RSUs
Vehicles recover the entire CRL when they receive enough pieces
24
How it works (2/2)
Erasure code: RSUs
  Shuffle the N pieces pseudorandomly
  Broadcast them
  When the N pieces are over, start the broadcast again
Fountain code: RSUs
  Broadcast the encoded pieces
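The erasure-code broadcast of slides 23-24, as an added example that is not part of the original slides. A polynomial (Reed-Solomon-style) code stands in for the unnamed erasure code, so exactly M distinct pieces suffice; the CRL contents, M = 20, N = 100 and the 6 pieces heard per RSU contact are constructed assumptions.

```python
import random

P = 2**31 - 1  # prime modulus: every symbol and piece is an integer mod P

def encode(crl, n):
    """Treat the M CRL symbols as polynomial coefficients and emit N pieces:
    piece x is the polynomial evaluated at x, for x = 1..N."""
    return {x: sum(c * pow(x, j, P) for j, c in enumerate(crl)) % P
            for x in range(1, n + 1)}

def decode(got, m):
    """Rebuild the M symbols from any M distinct pieces (Lagrange interpolation)."""
    pts = list(got.items())[:m]
    crl = [0] * m
    for xi, yi in pts:
        basis, denom = [1], 1            # basis = product of (X - xj), j != i
        for xj, _ in pts:
            if xj != xi:
                basis = [(a - xj * b) % P
                         for a, b in zip([0] + basis, basis + [0])]
                denom = denom * (xi - xj) % P
        scale = yi * pow(denom, -1, P) % P
        crl = [(c + scale * b) % P for c, b in zip(crl, basis)]
    return crl

def drive(pieces, m, per_contact, seed):
    """A vehicle passes RSUs until it holds M distinct pieces. Each RSU has its
    own pseudorandom shuffle and the vehicle arrives at a random point of the
    RSU's broadcast cycle, so nothing is synchronised between RSUs."""
    rng = random.Random(seed)
    got, heard, contacts = {}, 0, 0
    while len(got) < m:
        contacts += 1
        order = list(pieces)
        rng.shuffle(order)                        # this RSU's shuffle
        start = rng.randrange(len(order))         # position in its cycle
        for k in range(per_contact):              # short contact time
            x = order[(start + k) % len(order)]
            got[x] = pieces[x]                    # a duplicate adds nothing
            heard += 1
            if len(got) == m:
                break
    return got, heard, contacts

def demo(seed=1):
    crl = [1000 + 7 * i for i in range(20)]       # constructed: 20 revoked serials
    pieces = encode(crl, n=100)                   # M = 20, N = 100
    got, heard, contacts = drive(pieces, m=20, per_contact=6, seed=seed)
    return decode(got, 20) == crl, heard, contacts
```

`heard` minus M is the number of duplicate pieces the vehicle wasted airtime on because the RSUs do not coordinate; raising N relative to M shrinks it.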
25
Summary
Broadcast based on Erasure/fountain codes
  No collaboration between RSUs
  No synchronized broadcast schedule
Requirements
  Vehicles complete the CRL reception fast
  Small overhead to the system
26
Agenda
Introduction
Regional CRL
CRL broadcast at low rate
Results
Conclusion
27
Number of pieces to receive
Number of pieces to be received to complete the reception of the CRL (99.99% confidence)
Erasure codes
  M: Number of uncoded CRL pieces
  N: Number of encoded CRL pieces
  Ptot = sum_{i=1..M} N / (N - i) + 3.9 * sqrt( sum_{i=1..M} i * N / (N - i)^2 )
Raptor code
  M: Number of CRL pieces
  ε: Code parameter, affects the complexity
  Ptot = (1 + ε) * M
28
Time to complete the CRL
[Figure: CA, RSU broadcasting the CRL with bandwidth B, vehicle at speed v, RSU range R, distance D between RSUs]
Total time to complete the CRL
  Ptot: Number of pieces to be received
  sz: Size of a CRL piece + overhead
  v: Speed of the vehicle
  B: Bandwidth of the CRL broadcast
  R: Range of RSUs
  D: Distance between encountering RSUs
RDR
RB
vszP
vT tot *
*1
29
Coding schemes comparison
Total number of pieces to be received to complete the reception of the CRL (99.99% confidence) vs. number of pieces in the CRL
30
Broadcast bandwidth – RSU range
Time duration to complete the reception of the CRL
vs. CRL broadcast bandwidth
200 KB CRL, D = 500m, v = 60 km/h
31
Vehicle speed – Distance between RSUs
Time duration to complete the CRL vs. vehicle speed
200KB CRL, B = 3KBytes/s, R = 300m
32
City vs. Highway scenario
City scenario
V = 40 km/h, dense RSUs
Highway scenario
V = 120 km/h, less dense RSUs
200 KB CRL
33
References
M. Raya, P. Papadimitratos, I. Aad, D. Jungels, and J.-P. Hubaux, Eviction of Misbehaving and Faulty Nodes in Vehicular Networks, IEEE Journal on Selected Areas in Communications (JSAC), Special Issue on Vehicular Network, 4th Quarter, 2007
Ronald L. Rivest. Can we eliminate certificate revocation lists? In Rafael Hirschfeld, editor, Financial Cryptography, volume 1465, pages 178-183, Anguilla, British West Indies, February 1998. Springer
34
Conclusion
Revocation is crucial for VANET
Challenging due to special environmental constraints
CRL approach can be adapted
  Regional CRL (Foreigner Certs)
  Low rate bandwidth (Erasure/fountain codes)