Cryptology ePrint Archive: Report 2018/788

Privacy-preserving certificate linkage/revocation in VANETs without Linkage Authorities

Marcos A. Simplicio Jr. and Eduardo Lopes Cominetti and Harsh Kupwade Patil and Jefferson E. Ricardini and Leonardo T. D. Ferraz and Marcos Vinicius M. Silva

Abstract: Vehicular communication (V2X) technologies are expected to be common in the future, providing better transportation safety and efficiency. However, their large-scale deployment requires addressing some challenges. In particular, to prevent abuse by drivers and by the system itself, V2X architectures must: (1) ensure the authenticity of messages, which is usually accomplished by means of digital certification; and (2) preserve the privacy of honest users, so owners of non-revoked certificates cannot be easily identified or tracked by eavesdroppers. A promising solution for managing V2X-oriented certificates in an efficient manner is the Security Credential Management System (SCMS), which is among the main candidates for standardization in the United States. In this paper, aiming to enhance and address issues in the SCMS architecture, we provide three main contributions. First, we describe and fix two birthday attacks against SCMS's certificate revocation process, thus preventing the system's security degradation with the number of issued and revoked certificates. In addition, we describe a mechanism for improving the flexibility of revocation, allowing certificates and their owner's privacy to be temporarily revoked in an efficient manner; this functionality is useful, for example, in case of vehicle theft or kidnapping. Finally, we propose a method that simplifies SCMS's system architecture, removing the need for the so-called Linkage Authorities (LAs); this not only results in cost reductions for SCMS's implementation, but also improves its security and privacy due to the removal of one potential point of failure/collusion.

Category / Keywords: applications / Vehicular communications, Security, Security credential management system (SCMS), Revocable privacy, Birthday attacks, Linkage Authority free.

Original Publication (with major differences): IEEE Transactions on Intelligent Transportation Systems
DOI:
10.1109/TITS.2020.2981907

Date: received 27 Aug 2018, last revised 6 Apr 2020

Contact author: mjunior at larc usp br

Available format(s): PDF | BibTeX Citation

Note: This is an earlier, more complete version of the published manuscript. It has been updated with the latest performance results, as well as some additional details regarding (1) the assumed security model and (2) architecture cost analysis.

Version: 20200406:174213 (All versions of this report)

Short URL: ia.cr/2018/788


[ Cryptology ePrint archive ]