An RSU Aided Distributed Certificate Update Scheme In Vehicular Networking Environment

An RSU Aided Distributed Certificate Update Scheme In Vehicular Networking Environment

An RSU Aided Distributed Certificate Update Scheme In Vehicular Networking Environment.

Sunil Solanki*

* PG Scholar,

Department of Computer Engineering, L D College of Engg., (Gujarat Technological University), Ahmedabad, India

Abstract- The Vehicular Ad-hoc Networks have been becoming promising technology towards developing applications like Intelligent Transport Systems (ITS) that aim to streamline the operation of vehicles, manage vehicle traffic, assist drivers with safety and other information, along with provisioning of convenience applications for passengers. As the open medium wireless communication leads to unreliable communication and brief (short-lived) connection and another important issue is the roaming between different domains due to high-speed mobility of vehicles and leads to the explicit cross-certificate agreement to provide interoperability for these vehicles. This paper presents a Robust Distributed Certificate approach for Authentication in vehicular networks which enables efficient certificate update from available Road-Side Unit in timely manner, to address the these security and performance issues,.

Index Terms- VANET, ITS, RSU, CA, OBU, WAVE, DSRC.

1. INTRODUCTION

   Figure. 1 Vehicular Networking Environment.

   By the next decade it is expected that 70% of all vehicular components will be electronic and with this integration VANET vehicles will be capable of storing and processing great amounts of information, including a driver's personal data and geo-location information. A VANET vehicle (Figure.2) is equipped with processing, recording and positioning mechanisms with a potentially infinite power supply.

   Fig. 2. A smart vehicles with central computing platform.

   Due to the open medium nature of wireless communications and the high-speed mobility of a large number of vehicles in spontaneous vehicular communications, entity authentication, message integrity, non-repudiation, and privacy preservation are identified as primary security requirements. It is evident that any malicious behavior of a user, such as injecting false information, modifying and replaying the disseminated messages, could be fatal to other legal users. Furthermore, the privacy of users must be guaranteed in the sense that the privacy-related information of a vehicle should be protected to prevent an observer from revealing the real identities of the

   users, tracking their locations, and inferring sensitive data. Hence, to satisfy the security and privacy requirements, it is prerequisite to elaborately design a suite of protocols to achieve security and privacy for practical vehicular networks. A well-recognized solution is to deploy Public Key Infrastructure (PKI), where each OBU has a set of authentic certificates. To protect the privacy of users, each OBU should use a certificate for a short duration and after that it has to replace this certificate, i.e., OBUs continuously consume their certificate sets. Eventually, each OBU will need to update its certificates. In classical PKI, any certificate update must be performed through a central Certification Authority (CA), which sends the updated certificate to the requesting OBU through the available RSUs on the roads. The centralized certificate update process in the classical PKI may be impractical in the large scale VANETs due to the following reasons: (1) Each CA encounters a large number of certificate update requests which can render the CA a bottle-neck;

   (2) The certificate update delay is long relative to the short V2I communication duration between the immobile RSUs and the highly mobile OBUs during which the new certificate should be delivered to the requesting OBU. The long certificate update delay is due to the fact that a request submitted by an OBU to an RSU must be forwarded to the CA, and CA has to send the new certificate to that RSU which in turn forwards the new certificate to the requesting OBU. Accordingly, the classical PKI should be pruned or optimized to satisfy the certificate service requirement in volatile vehicular communication scenarios. To provide a practical certification service for VANETs, it is required for each OBU to efficiently update its certificate in a timely manner. The certification service should also be decentralized to enable VANET to efficiently process the expected large number of certificate update requests. Moreover, to protect the user privacy, the updated certificates should be anonymous and free from the key escrow issue.

   According to the Dedicated Short Range Communication (DSRC)[5], which is part of the WAVE standard, each OBU in VANETs periodically broadcasts a message every 300 msec, where entity authentication and message integrity can be achieved by verifying the certificate and digital signature of the sender. In dense traffic areas, each OBU will receive a large number of messages in a short duration, and thus the ability to verify a large number of certificates and signatures in a specific period poses an inevitable challenge to the authentication technique.

   Security Challenges & Requirements.

   As vehicle-to-vehicle(V2V), vehicle-to-roadside units and vehicle-to-infrastructure(V2I) communication involves variety of applications, ranging from

   infotainment applications, such as media downloading, to traffic safety applications, such as driving assistance co-operative awareness, impose diverse requirements on the supporting vehicular networking technologies. These diverse requirements lead us to a number of research challenges. This section describes these research challenges.

   1. Addressing and Geographical addressing

   2. Risk analysis and management

   3. Data-centric Trust and Verification

   4. Anonymity, Privacy and Liability

   5. Secure Localization

   6. Forwarding algorithms

   7. Delay constraints

   8. Prioritization of data packets and congestion control

   9. Reliability and cross-layering between transport and network layers

      WAVE/ DSRC Standards.[4][5]

      DSRC-based ITS radio spectrum is a 75 MHz bandwidth in the 5.85 – 5.925 GHz for the DSRC frequency band. These standards are: IEEE 1609.1- resource manager, IEEE 1609.2-security, IEEE 1609.3- networking, IEEE 1609.4-multichannel operation. The combination of IEEE 802.11p and the IEEE 1609 protocol suite is denoted as WAVE (Wireless Access in Vehicular Environments).

      Architecture for Secure Communication. [3]

      The SeVeCOM architecture used in VANET addresses the following fundamental issues:

      • Identity, credential, and key management

      • Secure communication

   The main elements of the architecture are.

   AUTHORITIES

   NODE IDENTIFICATION HARDWARE SECURITY MODULE SECURE COMMUNICATION

   Digital signatures are the basic tools to secure communications and are used for all messages. To satisfy both the security and anonymity requirements, it relies on a pseudonymous authentication approach. Rather than utilizing the same long-term public and private key for securing communications, each vehicle utilizes multiple short-term private-public key pairs and certificates. A mapping between the short-term credentials and the long-term identity of each node is maintained by the CA.

   The basic idea is that:

   • Each vehicle is equipped with multiple certified public keys (pseudonyms) that do not reveal the node identity.

   • The vehicle uses each of them for a short period of time, and then switches to another, not previously used pseudonym.

     This way, messages signed under different pseudonyms cannot be linked. Signatures, calculated over the

     message payload, a timestamp, and the coordinates of the sender, can be generated by the originator of a message, as well as relaying nodes, depending on the protocol functionality.

     Security for frequently broadcast safety beacon messages, restricted flooding of messages within a geographical region or a hop-distance from the sender, and position-based routing used to transmit messages through a single route of relay nodes, where the nodes select as the next hop their neighbor with minimum remaining geographical distance to the destination position.

2. RELATED WORKS

Entity authentication, message integrity, non- repudiation, and privacy preservation in spontaneous vehicular communications are the primary security requirements and deploying efficient Public Key Infrastructure (PKI) is a well-recognized solution to achieve security & privacy for practical vehicular networks [1],[2].

In [2], Hubaux et al. identify the specific issues of

security and privacy challenges in VANETs, and claim that a Public Key Infrastructure (PKI) should be well deployed to protect the transited messages and to mutually authenticate among network entities. In [1], Raya et al. use a classical PKI to provide secure and privacy preserving communications to VANETs. For this approach, each vehicle needs to pre-load a huge pool of anonymous certificates. The number of the loaded certificates in each vehicle should be large enough to provide security and privacy preservation for a long time, e.g., one year. Each vehicle can update its certificates from a central authority during the annual inspection of the vehicle. The requirement to load a large number of certificates in each vehicle and efficiency for certificate management as revoking one

Based on anonymous group signature, Lu et al.[8] propose Efficient Conditional Privacy Preservation (ECPP) protocol for secure vehicular communications, which allows an OBU to get a short lifetime anonymous certificate (free from the key escrow property) from any RSU located in the domain in which the OBU was originally registered. The performance of the ECPP protocol is also evaluated under a well-deployed VANET.

Jiang et al.[9] propose a verification scheme capable of detecting bogus signatures in batch signature verification schemes, based on a new data structure called BAT – binary authentication tree.

Albert Wasef, Yixin et al. [16] proposed a scheme which

offers a flexible interoperability for certificate service in heterogeneous administrative Authorities, and an efficient way for any On-Board Units (OBUs) to update its certificate from the available infrastructure Road- Side Units (RSUs) in a timely manner with Master Authority at the topmost level raises single point failure possibility.

G. Calandriello et al. proposes a way to achieve efficient and robust pseudonym-based authentication, to enhance the availability and usability of privacy- enhancing VANET mechanisms: that enables vehicle on-board units to generate their own pseudonyms, without affecting the system security.

Brijesh Kumar Chaurasia et al.[P-9], proposed a mutual authentication technique for RSU and vehicle The technique has only one request reply message exchange.

1. Casola, et al.[17]presented a framework and its

   corresponding architecture to cope with security and interoperability problems appearing in VANET environments requiring the use of multiple regional Certification Authorities. The concept requires the Interoperability System (IS) & Reference Evaluation Methodology (REM).

   [16] & [17]

   vehicle implies revoking the huge number of certificates

   In connection with

   , we propose a Robust

   loaded in it, proves to trade-offs.

   Panagiotis Papadimitratos, et. al[3] within the SeVeCom project, developed a security architecture that provides a comprehensive and practical solution to provide a solution that can be quickly adopted and deployed.

   Lin et al.[6] use the group signature in [7] to secure the communications between vehicles. For the group

   signature technique, any group member can sign messages on behalf of the group without revealing its real identity. Signatures can be verified using the group public key, thus, providing an excellent privacy for the users as the identities of the users are revealed in neither signing nor verifying a message. However, the signature verification delay is linearly proportional to the number of revoked vehicles, causes poor performance in a large scale network such as VANETs, where the number of revoked vehicles may be large.

   Distributed Certificate based certificate update scheme which enables an OBU to update its certificate from any RSU. Consequently, certificate delay can be significantly decreased. Also, the scheme addresses the Communication Silent periods resulting in short-lived connections occurring due to natural characteristic of VANET, with the help of OBU Object (OO)- a software module.

   1. PROPOSED SYSTEM

      Now it is the time to articulate the research work with ideas gathered in above steps by adopting any of below suitable approaches:

      PRELIMINARIES

      In this section, we introduce the bilinear pairings. The notations used throughout the paper are given in Table- I.

      A. Bilinear Pairing

      The bilinear pairing [14] is the foundation of the proposed DCS scheme. Let 1 denote an additive group of prime order q, and 2 a multiplicative group of the same order. Let be a generator of 1, and 1 ×

      1 2 be a bilinear mapping with the following properties:

      1) Bilinear:(, ) = (, ) ,for all , 1 and

      , .

      2) Non-degeneracy: (, ) 12 .

      3) Symmetric: (, ) = (, ), for all , 1.

      4) Admissible: the map is efficiently computable. The bilinear map e can be implemented using the Weil and Tate pairings on elliptic curves. We consider the implementation of Tate pairing on a curve with embedding degree 6, where 1 is represented by 161 bits, and the order is represented by 160 bits. The group order of 1 is defined as the number of the points on the employed elliptic curve. For an MNT elliptic curve with embedding degree 6 and the order is represented by 160 bits, the group order of 1 is

      4.5 × 1030 , which qualifies the bilinear pairing as a practical choice for securing the large scale VANETs.

      The security of the proposed scheme depends on solving the following hard computational problems:

      • Elliptic Curve Discrete Logarithm Problem (ECDLP): Given a point of order on an elliptic curve, and a point on the same curve. The ECDLP problem is to determine the integer , 0 1, such that

        = .

      • Computational Diffie-Hellman problem (CDH): For two unknowns , , the CDH problem is given

      , 1, compute 1.

      SYSTEM DESIGN CONSIDERATIONS

      In this section, we discuss the security objectives, system architecture, and network model of the proposed scheme.

      1. Security Objectives

         In the scheme, we aim to achieve the following security objectives.

         1. Authentication:

         2. Non-repudiation:

         3. Privacy:

      2. Architecture

      The hierarchical architecture of the scheme, shown in Figure. 6, consists of three levels: The Certification Authority (CA) which is the root of the system, is located at level 1; the Road Side Units (RSUs) and the On-Board Units (OBUs) are located at level 2 and level 3, respectively. In this architecture, entity authentication for RSUs and OBUs is achieved using certificate-based authentication [10].

      Basic Operation of the Scheme: The basic operation of the scheme (Figure.7) is a follows.

      • The Certification Authorities (CAs) is responsible for generating initial certificates for the RSUs and OBUs in its domain. It also generates a public/private key pair for itself, for signing the outgoing messages and verifying the incoming messages. Moreover, it generates two secret certificate-signing keys; The CAs administering different domains are connected directly to the Repository. Each CA is physically secure and cannot be compromised;

      • A CA uses the first certificate-signing keys, generated by itself, to sign a certificate set for each RSU in its coverage area. Each certificate in the RSU certificate set is shared among a group of RSUs. The CA uses the second certificate-signing key as a partial signing key to generate secret OBU-certificate-signing keys for each RSU;

      • Road-Side Units (RSUs), which are fixed units distributed in the network. RSUs in one domain are connected via Ethernet to the CA responsible for that domain. Moreover, RSUs are responsible for updating the certificates of the OBUs;

      • On-Board Units (OBUs), which can communicate either with other OBUs through Vehicle-to-Vehicle (V2V) communications or with the infrastructure RSUs through Vehicle-to-Infrastructure (V2I) communications. Each OBU is equipped with a Global Positioning Service (GPS) receiver which contains the geographical coordinates of the RSUs. It should be noted that a GPS receiver is necessary for the operation

        of an OBU in VANETs according to the WAVE standard [4];

      • At first time registration, a OBU Object (O-O), a software module, is created on CA which stores both static (long term identity etc.) and dynamic (short term identity, credentials etc.) information about a vehicle (OBU), and then after runs on CA on behalf of vehicle, and refreshed periodically[17].

      • According to the WAVE standard, each network entity is equipped with a tamper-resistant Hardware Security Module (HSM) to store its security materials, e.g., secret keys, certificates, etc.

        Figure. 6: The hierarchical structure of Proposed Scheme

      • An RSU uses the OBU-certificate-signing key to generate short lifetime anonymous certificates for any OBU. The public verification keys can be used by any entity to verify the certificate of any OBU or RSU regardless of the issuer of that certificate. The certificate generation derived from the signature schemes proposed in [14], [15].

      Figure. 7: shows the relations of different keys among the network entities.

      THE PROPOSED SCHEME

      In this section, the proposed scheme is presented in detail.

      1. System Initialization

         The initialization stage is performed by the CA to generate the security keys necessary for the operation of the scheme, and to upload the necessary security keys

         and the required security materials, e.g., keys, certificates, etc., in the tamper-resistant HSM of each OBU and RSU. It should be noted that the initialization stage is performed during the registration of RSUs and OBUs with a CA where in a OBU Object (O-O), a software module, is created on CA. In other words, the initialization stage is performed before triggering any of the VANET services or applications.

      2. OBUs Certificates Update

         The scheme enables an OBU to update its certificate from an RSU. Thus, the scalability of the scheme stems from the distributed certification service compared to the centralized certification service in the classical PKI where an OBU has to contact a CA to update its certificate. Since the scheme depends on the RSUs to update the certificates of the OBUs, the density of RSUs is crucial to the operation of the scheme. In the certificate update process, an RSU generates a number of short lifetime anonymous certificates for an OBU sufficient to secure the communications of the OBU

         until it meets another RSU. The number of generated certificates by an RSU depends on the RSUs density [16].

      3. Certificate Revocation

         To prevent compromised entities from accessing the network the Certificate Revocation List (CRL) method employed in the WAVE standard is adopted [4]. It should be noted that the short lifetime certificates of OBUs will be self revoked after their lifetime expires. The certificates of an entity (OBU or RSU) are added to

         a CRL only if the entity is compromised. When an entity (OBU or RSU) is compromised in one domain, the CA responsible for that domain adds all the certificates of the compromised entity to the current CRL, and broadcasts the new CRL in its domain. Each entity continuously maintains the recently received CRL by removing the certificates with expired validity periods.

      4. Certificate based Message Signature and Verification.

      To satisfy the data authentication and non-repudiation security requirements of VANETs, each entity in the system should be capable of signing and verifying a given message with the corresponding certificate. In this section, we present the basic message signature and verification, followed by the proposed batch verification for message signature and certificate.

      3.5. ALGORITHM

      1. System Initialization.( By CA)

         1. Generate security material: (Require : – Long-Term Identity of CA, N; Number of Certificates initially loaded into HSM of OBU)

            Select random Parameters;

            Set Public and Private keys for CA; Set Master Signing Keys.

            1

            1

            Select a Hash Function 1 {0,1} ; 1}

            Select a Hash Function 2 {0,1} ; 1}

            Store Security Material in CA.

         2. RSU Initialization: (Require Public and Private keys of CA) for all in the Domain of CA do

            Select a random Parameters; Set a pseudo identity;

            Set Public and Private keys for CA; Set OBU Certificate Signing Key; Generate Signature ( Ui, Vi ) Generate Certificate;

            Select validity period of any OBU Certificate.

            Upload Cert., Vperiod & other Security material in HSM. end for

         3. OBU Initialization:

         (Require Certificate and Public/Private keys of RSU;

         IDOBU : Original ID of loaded at Manufacture Time; known to CA )

         for all in the Domain of CA do Check the validity of

         if is invalid then

         Return

         Delivers encry set of certificates using Kmj to OBUm

         OBUm decryptes set of cert using Kmj and verifies & accepts if valid.

         Update OO in CA

         OBUm send its Set of new certificates to CA. CA Refreshes OO

         else

         for r 1 to , CA do

         Select random parameters

         Set Partial Secret Key and Partial Public Key; end for

         return set of Partial Secret and Public Keys to for r 1 to , do

         Select random parameters

         Set Final Secret Key and Final Public Key; end for

         return set of Final Public Keys to CA for r 1 to , CA do

         Select a validity period and a pseudo Id for OBU Generate Signature of OBU ( U,V)

         Generate Certificate of OBU end for

         Upload Cert.,Vperiod &other Security material in HSM. CA creates OBU Object OO containing

         ID of CA; ID of OBU;

         Pseudo ID of OBU; Certificate Set;

         Status and CRL flags with default values 1

         and 0. end if

         end for

         Algorithm for Message Signing & Verifying.

         An OBUm with CERTOBUmi can generate a valid Signature (Um , Vm ) for a given Message M, as:

         Select a random number ;

         Calculate =

      2. OBU Certificate Update:

      = 2 | |

      Mutual Key Agreement and Calculate

      =

      +

      NCERT = TRSU / Vperiod

      TRSU = Avg Dist between RSU / Avg. Speed of OBU When (r>= NCERT -1) &&

      Receives Periodic Broadcast CERTRSUj from

      RSUj.

      OBUm verifies CERTRSUj and

      Any Entity can verify the Signature as:

      Verifythe sender of the message M is valid user and check the time stamp .

      Calculate = 2 | | ; Accept if ,

      , = , +

      If valid

      Similarly any CA/RSU c sign any

      g same process.

      Calculates Kmj using its Skmi & RSUjs Pkj Sends NCERT and CERTOBUmi to RSUj.

      RSUj verifies CERTOBUmi

      Calculates Kmj using its Skj & OBUms Pkmi RSUj generates Ncert partial key pairs ( Skm and Pkm)

      Encrypts (Sk,Pk) using Kmj and sends to OBUm OBUm decrypts (Sk,Pk) using Kmj

      Calculates Ncert final key pairs ( Skm & corresp Pkm).

      Encrypts Pkm with Kmj and sends to RSUj RSUj generates Pseudo Identities using Pkm, and

      Generates a set of Ncert Certificates;

      an Message usin

      Algorithm for Certificate Revocation. For RSU:

      CRL (Certificate Revocation List) method of WAVE standard is used. For OBU:

      Automatic Revoke when validity period is over Signature is not verified.

      Update O-O in CA (Set CRL Flag in O-O).

   2. SECURITY ANALYSIS

      In this section, we evaluate the proposed DCS scheme

      according to the security objectives presented earlier.

      1. Authentication: It can be seen that finding the secret keys , , from the corresponding public keys

         0 , , are instances of the ECDLP problem. For example, to find , we have the following ECDLP problem: given and 0 = , find . In DCS, the authentication of RSUs and OBUs is achieved using digital certificates. For example, the signature of any on the certificate of any [] is ( , ), where =

         , = 2 || , and = + . It can be seen that to forge the certificate of any [], an attacker should know either or . Since is publicly known, finding reduces to finding only which is ECDLP problem as indicated above. Also, since can be easily obtained from the certificate of [] , finding reduces to finding only , which can be formulated as a CDH problem, i.e., given = . The hardness of the CDH problem is closely related to solving the Discrete Logarithm (DL) problem. Similar analogy applies to the OBUs certificates. Since ECDLP and CDH are hard computational problems, i.e., they cannot be solved in a sub-exponential time, the certificates of RSUs and OBUs are unforgeable.

         Since in each communication, an authentication of the sender is performed first, an illegitimate entity cannot communicate with the authentic network users. Also, data authentication is achieved by employing digital signatures, where any message transmitted by any CA, RSU, or OBU has to be signed first. Consequently, any message alteration during the transmission will be detected by the recipient. In clogging attacks, an attacker tries to impersonate a legitimate user, and overwhelms legitimate entities in the network by involving them in a large volume of key exchange or by sending bogus messages. In this scheme, each OBU/RSU authenticates the received messages before being involved in any key exchange or responding to the received message. Since authentication is done first before taking any action, the clogging attacks is hard to launch in the proposed scheme.

      2. Non-repudiation: Non-repudiation is achieved by requiring all the messages exchanged in the network to be digitally signed by its issuer. Similar to the above discussion of the security of RSUs certificates, to forge the signature of on , the attacker has to find either , which is ECDLP problem, or , which is

         CDH problem. Consequently, the signature of any entity

         cannot be forged. In addition, since non-repudiation is guaranteed, the liability requirement is also achieved since users cannot deny the transmission or the content of their messages.

      3. Privacy: In proposed Scheme, privacy is preserved by the following techniques:

      Anonymous authentication: Anonymous authentication is employed in the sense that each OBU has a certificate containing only a pseudo identity, which cannot lead in

      any way to the real identity of the OBU. Furthermore, by deploying anonymous authentication, the DCS scheme can efficiently prevent an adversary from tracking the real identity of the users.

      Frequent certificate update: OBUs certificates have a short-lifetime. As a result, each OBU has to periodically change its certificate, which decreases the probability of being tracked by an external observer.

      Anonymous certificate issuer: Since each RSU certificate is shared among multiple RSUs, the RSU certificate included in each OBU certificate cannot lead to the location where the OBU issued its certificate.

      Although the scheme offers a collation of privacy preserving mechanisms, an observer can still launch a tracking attack on an OBU. However, this tracking attack requires an observer to launch a large number of receivers along the path of the targeted OBU, and the targeted OBU has to move with the same velocity and in the same lane between any pair of adjacent receivers launched by the observer [1]. To protect the OBUs against this tracking of attack, the scheme can be efficiently integrated with Random Encryption Periods (REPs) in which, using group communications, an OBU surrounds itself with an encrypted communication zone to violate the conditions of being tracked by an observer.

   3. PERFORMANCE EVALUATION

      In this section, we evaluate the performance of the proposed scheme from following different aspects.

      1. OBU Certificate Update Delay

         Let denote the time from the moment an OBU requests new certificates from an RSU to the moment it receives the required certificates. We consider the cryptography delay only due to the pairing and point multiplication operations on an elliptic curve as they are the most time consuming operations in the schemes under consideration. Let and denote the time required to perform a pairing operation and a point multiplication, respectively. Which are for an MNT curve with embedding degree = 6 to be equal to

         4.5 , and 0.6 , respectively. It should be noted that the cryptography delay ( ) is part of the certificate update delay ( ) in any of the scheme under consideration.

      2. Successful Certification Ratio

         When an requests certificates from an ,

         should process the request, generate the required certificates, and deliver them to OBUm before OBUm moves out of the communication range of , otherwise, the certificate update process fails. Therefore, if the number of certificate update requests is large, the RSU will not be able to process all the

         requests and some requests may be dropped. To calculate the maximum number of certificates that an RSU can generate within its coverage range, we adopt the following formula = where is the

         maximum number of certificates an RSU can generate

         within its coverage range , is the average speed of the OBUs within , and is the average certificate update delay of the scheme under consideration.

         Successful Certification Ratio (SCR) is the metric usually used to evaluate the efficiency of authentication algorithms. SCR is defined as the ratio of the number of successful certificate generations () to the number of total certificate requests ( ).

         Hence,

         = 1 = >

         In the proposed scheme, the memory requirements for

         and periodic update of can be an overhead, but the same can be tradeoff with the explicit re- registration of OBU with the foreign CA where the whole process of regeneration of security material for the OBU and corresponding RSU materials which goes to be very high

   4. CONCLUSION & FUTURE WORK

      In this paper, a robust distributed certificate scheme for vehiular communications proposed, which offers an efficient distributed algorithm for any OBUs to update or revoke its certificate from the available RSUs in a timely manner. In addition, an OBU Object (O-O) is

      We consider an

      RSU

      with

      = 600

      (corresponding to

      introduced to tackle with short-lived connections.

      omnidirectional communication range with radius 300

      according to DSRC), and the average speed of OBUs is

      = 60 /.

      1. Communication Overhead

      We consider the Tate pairing implementation on an MNT curve with embedding degree 6, where 1 is represented by 161 bits. Accordingly, each point on this MNT curve is represented by 21 . Following tables give each parameter and the corresponding size in bytes for an RSU and OBU certificate. The last column in each table gives the total size of the certificate under consideration.

      RSU Certificate Size :

      OBU Certificate Size :

      According to WAVE, the maximum payload data size in a signed message is 65.6 . Consequently, the ratio of the communication overhead incurred by the proposed scheme to the payload data size is 0.3%, which means that this scheme is feasible with respect to the incurred communication overhead.

      E. OBU Message Signing Delay

      The effect of the message signing delay is alleviated by the fact that an OBU has to disseminate only one signed message every 300 , which means that an OBU has a time window of 300 to prepare a signature on a message. The scheme has a message signing delay of

      1.2 , which can be neglected compared to the time window an OBU has to sign a message.

      F. Additional Memory Requirements

      Therefore, the proposed scheme can significantly reduce the complexity of certificate management, and achieve robustness and scalability, especially when it is deployed in heterogeneous vehicular networks.

      As future work, the proposed scheme is to be implemented using ns-3 or OMNet++ simulator and compare the performance with ECPP and RAISE schemes and the proposed scheme is to be further extended for cross-domain authentication.

   5. REFERENCES

1. M. Raya and J.-P. Hubaux, Securing vehicular ad hoc networks, J. of Computer Security, vol. 15, no. 1, pp. 3968, 2007.

2. J. P. Hubaux, The security and privacy of smart vehicles,

   IEEE Security and Privacy, vol. 2, pp. 4955, 2004.

   Parameter
   Size in Bytes	21	21	21	8	21	92

   Parameter
   Size in Bytes	21	21	21	8	21	92

3. Panagiotis Papadimitratos, Levente Buttyan and Tamás Holczer, Elmar Schoch, Julien Freudiger and Maxim Raya, Zhendong Ma and Frank Kargl, Antonio Kung, Jean-Pierre Hubaux, Secure Vehicular Communication Systems: Design and Architecture IEEE Communications Magazine November 2008

   Parameter							en
   Size in Bytes	21	21	21	4	8	92	m 167 [5

   Parameter							en
   Size in Bytes	21	21	21	4	8	92	m 167 [5

4. IEEE trial-use standard for wireless access in vehicular vironments – security services for applications and management essages, IEEE Std 1609.2-2006, 2006.

] 5.9 GHz DSRC. [Online]. Available: http://grouper.ieee.org/groups/scc32/dsrc/index.html.

1. X. Lin, X. Sun, P.-H. Ho, and X. Shen, GSIS: A secure and privacy-preserving protocol for vehicular communications, IEEE Transactions on Vehicular Technology, vol. 56, pp. 34423456, 2007.

2. D. Boneh, X. Boyen, and H. Shacham, Short group signatures, Proc. Crypto, LNCS, vol. vol. 3152, pp. 4155, 2004.

3. R. Lu, X. Lin, H. Zhu, P.-H. Ho, and X. Shen, ECPP: Efficient conditional privacy preservation protocol for secure vehicular communications, Proc. INFOCOM 2008, pp. 12291237, 2008.

4. Y. Jiang, M. Shi, X. Shen, and C. Lin, BAT: a robust signature scheme for vehicular networks using binary authentication tree, IEEE Transactions on Wireless Communications, vol. 8, no. 4, pp. 1974 1983, 2009.

5. D. Boneh and M. K. Franklin, Identity-based encryption from the Weil pairing, Proc. 21st Annual Inter. Cryptology Conf. on Advances in Cryptology, pp. 213229, 2001.

6. D. Boneh, B. Lynn, and H. Shacham, Short signatures from the Weil pairing, J. of Cryptology, vol. 17, no. 4, pp. 297319, 2004.

7. M. Scott, Computing the Tate pairing, Topics in Cryptology, Springer, pp. 293304, 2005.

8. A. Miyaji, M. Nakabayashi, and S. Takano, New explicit conditions of elliptic curve traces for FR-Reductions. IEIC Technical

   Report, vol. 100, no. 323(ISEC2000 58-67), pp. 99108, 2000.

9. S. Al-Riyami and K. Paterson, Certificateless public key cryptography, Proc. Advances in Cryptology – ASIACRYPT 2003, pp. 452473, 2003.

10. X. Huang, W. Susilo, Y. Mu, and F. Zhang, On the security of certificateless signature schemes from asiacrypt 2003, Proc. 4th Inter. Conf. on CANS, LNCS, vol. 3810, Springer Verlag, pp. 1325, 2005.

11. Albert Wasef, Yixin Jiang, Xuemin (Sherman) Shen, DCS: An Efficient Distributed Certificate Service Scheme for Vehicular Networks, Wasef, IEEE Transactions on Vehicular Technology, vol. 59, no. 2, 2010, pp. 533.

12. V. Casola, J. Luna, A. Mazzeo, M. Medina, M. Rak, and J. Serna, An Interoperability System for Authentication and Authorization in VANETs. In International Journal of Autonomous and Adaptive Communications Systems , vol. 3, no. 2, 2010, pp. 115 135.