Paper 2017/744

Binary Hash Tree based Certificate Access Management

Virendra Kumar, Jonathan Petit, and William Whyte

Abstract

We present a certificate access management system to support the USDOT's proposed rule on Vehicle-to-Vehicle (V2V) communications, Federal Motor Vehicle Safety Standard (FMVSS) No.~150. Our proposal, which we call Binary Hash Tree based Certificate Access Management (BCAM) eliminates the need for vehicles to have bidirectional connectivity with the Security Credential Management System (SCMS) for certificate update. BCAM significantly improves the ability of the SCMS to manage large-scale software and/or hardware compromise events. Vehicles are provisioned at the start of their lifetime with all the certificates they will need. However, certificates and corresponding private key reconstruction values are provided to the vehicle encrypted, and the keys to decrypt them are only made available to the vehicles shortly before the start of the validity periods of those certificates. Vehicles that are compromised can be effectively removed from the V2V system by preventing them from decrypting the certificates. We demonstrate that the system is feasible with a broadcast channel for decryption keys and other revocation information, even if that channel has a relatively low capacity.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Minor revision. Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2017
DOI
10.1145/3098243.3098257
Keywords
Binary treecertificateaccess managementrevocationconnected vehiclesSCMS.
Contact author(s)
vkumar @ onboardsecurity com
History
2017-08-07: received
Short URL
https://ia.cr/2017/744
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/744,
      author = {Virendra Kumar and Jonathan Petit and William Whyte},
      title = {Binary Hash Tree based Certificate Access Management},
      howpublished = {Cryptology ePrint Archive, Paper 2017/744},
      year = {2017},
      doi = {10.1145/3098243.3098257},
      note = {\url{https://eprint.iacr.org/2017/744}},
      url = {https://eprint.iacr.org/2017/744}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.