Efficient certificate revocation list organization and distribution

Jason J. Haas, Yih-Chun Hu, Kenneth P. Laberteaux

Research output: Contribution to journal › Article

Abstract

In this paper, we propose a lightweight mechanism for revoking security certificates that is appropriate for the limited bandwidth and hardware cost constraints of a VANET. A Certificate Authority (CA) issues certificates to trusted nodes, i.e., vehicles. If the CA loses trust in a vehicle (e.g., due to evidence of malfunction or malicious behavior), the CA must promptly revoke the certificates of the distrusted vehicle. To distribute revocation information quickly even during incremental deployment, we propose that CAs use Certificate Revocation Lists (CRLs). The CRL should be composed in a secure manner, and it should be exchanged in a way such that the CRL is both quickly and widely distributed. We previously proposed a mechanism for the quick distribution of CRL updates that also covers a wide area by using vehicle-to-vehicle (V2V) communication. In this paper, we additionally investigate the performance of V2V communication in partial deployment scenarios, that is, where only a certain percentage of vehicles are equipped with VANET radios. We provide simulation results that show our V2V exchange mechanism is quicker than distributing CRLs or CRL updates through road-side units (RSUs) alone. However, this revocation process, which involves both the CA and vehicles, must conform to the aforementioned bandwidth and hardware restrictions. In this paper, we present mechanisms that achieve the goals of reduced CRL size, a computationally efficient mechanism for determining if a certificate is on the CRL, and a lightweight mechanism for exchanging CRL updates. Additionally, we expand on our previous work to provide privacy to revoked vehicles prior to their revocation.

Original language: English (US)
Article number: 5719271
Pages (from-to): 595-604
Number of pages: 10
Journal: IEEE Journal on Selected Areas in Communications
Volume: 29
Issue number: 3
DOI: 10.1109/JSAC.2011.110309
State: Published - Mar 1 2011

Fingerprint

Vehicle to vehicle communications
Hardware
Bandwidth
Radio receivers
Communication
Costs

Keywords

  • CRL
  • Certificate revocation list
  • Revocation
  • Security
  • VANET
  • Vehicular networks

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Cite this

Efficient certificate revocation list organization and distribution. / Haas, Jason J.; Hu, Yih-Chun; Laberteaux, Kenneth P.

In: IEEE Journal on Selected Areas in Communications, Vol. 29, No. 3, 5719271, 01.03.2011, p. 595-604.


@article{5171c3e13ae74e518f5e2b43875ae322,
title = "Efficient certificate revocation list organization and distribution",
keywords = "CRL, Certificate revocation list, Revocation, Security, VANET, Vehicular networks",
author = "Haas, {Jason J.} and Yih-Chun Hu and Laberteaux, {Kenneth P.}",
year = "2011",
month = "3",
day = "1",
doi = "10.1109/JSAC.2011.110309",
language = "English (US)",
volume = "29",
pages = "595--604",
journal = "IEEE Journal on Selected Areas in Communications",
issn = "0733-8716",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "3",

}

TY - JOUR

T1 - Efficient certificate revocation list organization and distribution

AU - Haas, Jason J.

AU - Hu, Yih-Chun

AU - Laberteaux, Kenneth P.

PY - 2011/3/1

Y1 - 2011/3/1

KW - CRL

KW - Certificate revocation list

KW - Revocation

KW - Security

KW - VANET

KW - Vehicular networks

UR - http://www.scopus.com/inward/record.url?scp=79951987763&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79951987763&partnerID=8YFLogxK

U2 - 10.1109/JSAC.2011.110309

DO - 10.1109/JSAC.2011.110309

M3 - Article

AN - SCOPUS:79951987763

VL - 29

SP - 595

EP - 604

JO - IEEE Journal on Selected Areas in Communications

JF - IEEE Journal on Selected Areas in Communications

SN - 0733-8716

IS - 3

M1 - 5719271

ER -