Implementation and Evaluation of Certificate Revocation List Distribution for Vehicular Ad-hoc Networks
Petra Ardelean
Advisor: Panos Papadimitratos
Vehicular Ad-hoc Network (VANET)
Designed to provide safety and comfort for passengers
Using asymmetric cryptography
Certificate Authority (CA) issues certificates
Signature verification using the public key
Problem description
CRLs are needed for
Excluding compromised, faulty or illegitimate nodes
Preventing the use of compromised cryptographic material
How to distribute large CRLs in a reasonable time with low bandwidth utilization?
State of the art (1)
Papadimitratos et al, Certificate Revocation List Distribution in Vehicular Communication Systems [1]
The CA uses the infrastructure (RSUs) to send the CRLs to the vehicles
Use encoding mechanisms for redundancy
State of the art (2)
K. Laberteaux et al, Security Certificate Revocation List Distribution for VANET [2]
RSUs used as the first phase of the dissemination
Vehicles broadcast CRL updates to other vehicles
State of the art (3)
P. Papadimitratos et al, Secure Vehicular Communications: Design and Architecture [3]
Revocation Protocol of the Tamper-Proof Device (RTPD)
Revocation Protocol using Compressed Certificate Revocation (RCCRL)
Distributed Revocation Protocol (DRP)
General concept
[Figure: the CRL Distribution System sends random encoded pieces to RSU1, RSU2 and RSU3]
CRL Distribution System
CA
(1) Generate CRL
(2) Encode the CRL
(3) Sign each piece from (2)
Network Communication
(1) Compute how many pieces from (3) should be sent to each RSU
(2) Send the pieces to the RSUs
The Encoding
CRL: M parts
Rabin’s algorithm
Encoded CRL: N pieces, N > M
Packet format sent to the RSUs:
CRL version | Timestamp | Sequence number | CA ID | Encoded CRL piece | Signature (CA private key)
Vehicle – Receiving CRLs
Packet format sent to the RSUs:
CRL version | Timestamp | Sequence number | CA ID | Encoded CRL piece | Signature (CA private key)
1. Verify signature
2. Store CRL piece
3. If enough pieces stored, decode, i.e. reconstruct the CRL
Implementation
C++ implementation
Using the OpenSSL cryptographic library for
Generating the CRLs
Signing and verifying the encoded pieces
Using Rabin’s algorithm as an erasure code
Implementation - Network Communication
Configuration file with the RSUs' IP addresses
Source routing to send random pieces to each RSU
Encoded pieces sent in UDP packets
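Rabin’s algorithm - Encoding
The CRL is split into blocks of length M, which form the matrix $B_{M \times L}$.
$$A_{N \times M} \times B_{M \times L} = W_{N \times L}$$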
Rabin’s algorithm - Decoding
$$A'^{-1}_{M \times M} \times W'_{M \times L} = B_{M \times L}$$
$B_{M \times L}$ is the CRL.
Evaluation Settings (1)
[Figure: the CRL Distribution System sends random encoded pieces to three RSUs]
Evaluation Settings (2)
Laptop configuration
CPU: Intel 1.8 GHz
Operating System: Linux
Library: OpenSSL 0.9.8g
Compiler: gcc 4.1.2
Wireless card: 802.11b
AP configuration
Bit rate: 5.5 Mbps
Evaluation Purposes
Examine the system performance by
varying the CRL size
varying the number and length of the encoding vectors
Evaluation Results (1)
Figures show 95% confidence intervals
100 iterations for each experiment
M and N variations
M ∈ [25, 100], increasing by 25
N chosen so that the redundancy factor r = N/M is 1.5
Velocity: 3 km/h
Evaluation Results (2)
The encoding vectors should be chosen in accordance with the CRL size
Evaluation Results (3)
The time to reconstruct the original CRL is inversely proportional to the redundancy factor
Conclusion
First implementation of a CRL distribution system for VANET
Performance measurements conducted on the system
Further work
Compare the experimental results with simulation results
Integrate the CRL Distribution system into the Vehicular Communication project
Thank you
Questions?
Bibliography
[1] P. Papadimitratos, G. Mezzour, and J.-P. Hubaux, Certificate Revocation List Distribution in Vehicular Communication Systems, short paper, ACM VANET 2008, San Francisco, CA, USA, September 2008
[2] K. Laberteaux, J. Haas, and Y-C Hu, Security Certificate Revocation List Distribution for VANET, ACM VANET, San Francisco, CA, USA, September 2008
[3] P. Papadimitratos, L. Buttyan, T. Holczer, E. Schoch, J. Freudiger, M. Raya, Z. Ma, F. Kargl, A. Kung, and J.-P. Hubaux, Secure Vehicular Communications: Design and Architecture, IEEE Communications Magazine, November 2008