Implementation and Evaluation of Certificate Revocation List Distribution for Vehicular Ad-hoc Networks

Petra Ardelean
Advisor: Panos Papadimitratos

Vehicular Ad-hoc Network (VANET)

- Designed to provide safety and comfort for passengers
- Using asymmetric cryptography
  - Certificate Authority (CA) issues certificates
  - Signature verification using the public key

Problem description

CRLs are needed for
- Excluding compromised, faulty or illegitimate nodes
- Preventing the use of compromised cryptographic material

How to distribute large CRLs in a reasonable time with low bandwidth utilization?

State of the art (1)

Papadimitratos et al., Certificate Revocation List Distribution in Vehicular Communication Systems [1]

- The CA uses the infrastructure (RSUs) to send the CRLs to the vehicles
- Use encoding mechanisms for redundancy

State of the art (2)

K. Laberteaux et al., Security Certificate Revocation List Distribution for VANET [2]

- RSUs used as the first phase of the dissemination
- Vehicles broadcast CRL updates to other vehicles

State of the art (3)

P. Papadimitratos et al., Secure Vehicular Communications: Design and Architecture [3]

- Revocation Protocol of the Tamper-Proof Device (RTPD)
- Revocation Protocol using Compressed Certificate Revocation (RCCRL)
- Distributed Revocation Protocol (DRP)

General concept

[Figure: the CRL Distribution System sends random encoded pieces to each of RSU1, RSU2 and RSU3]

CRL Distribution System

CA

(1) Generate CRL

(2) Encode the CRL

(3) Sign each piece from (2)

Network Communication

(1) Compute how many pieces from (3) should be sent to each RSU

(2) Send the pieces to the RSUs

The Encoding

The CRL is split into M parts. Rabin's algorithm encodes them into N pieces, N > M (the encoded CRL).

Packet format sent to the RSUs:

CRL version | Timestamp | Sequence number | CA ID | Encoded CRL piece | Signature (CA private key)

Vehicle – Receiving CRLs

1. Verify signature
2. Store CRL piece
3. If enough pieces stored, decode, i.e. reconstruct the CRL

Packet format sent to the RSUs:

CRL version | Timestamp | Sequence number | CA ID | Encoded CRL piece | Signature (CA private key)

Implementation

- C++ implementation
- Using the OpenSSL cryptographic library for
  - Generating the CRLs
  - Signing and verifying the encoded pieces
- Using Rabin's algorithm as an erasure code

Implementation

Network Communication

- Configuration file with the RSUs' IP addresses
- Source routing to send random pieces to each RSU
- Encoded pieces sent in UDP packets

Rabin’s algorithm - Encoding

The CRL is divided into blocks of M, which form the matrix B:

$$A_{N \times M} \cdot B_{M \times L} = W_{N \times L}$$

Rabin’s algorithm - Decoding

$$(A'_{M \times M})^{-1} \cdot W'_{M \times L} = B_{M \times L}$$

B is the CRL.
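The encoding and decoding from the two slides above, as an added example (it is not the thesis's C++/OpenSSL code). The field GF(257), the Vandermonde choice of A and all function names are assumptions, since the slides give only the matrix shapes; the per-piece signature check is left out.

```python
# Added example: Rabin's dispersal with A (N x M), B (M x L), W (N x L).
# Assumptions: arithmetic in GF(257), Vandermonde rows for A, and a receiver
# that knows M and the CRL length. None of these are stated on the slides.
P = 257  # smallest prime above 255, so every byte is a field element

def enc_row(seq, m):
    """Row `seq` of A: (1, x, x^2, ...) with x = seq + 1. Distinct x values
    make any M rows an invertible Vandermonde matrix (needs N < P)."""
    return [pow(seq + 1, j, P) for j in range(m)]

def encode(crl, m, n):
    """Cut the CRL into blocks of M bytes (the columns of B) and return the
    N rows of W = A * B, keyed by sequence number."""
    if not m < n < P:
        raise ValueError("need M < N < 257")
    l = -(-len(crl) // m)                       # L = ceil(len / M)
    padded = crl.ljust(m * l, b"\0")
    b = [padded[i::m] for i in range(m)]        # row i of B
    return {s: [sum(a * row[k] for a, row in zip(enc_row(s, m), b)) % P
                for k in range(l)] for s in range(n)}

def decode(pieces, m, crl_len):
    """Recover B = A'^-1 * W' from any M distinct pieces by Gauss-Jordan
    elimination on the augmented matrix [A' | W'] modulo P."""
    if len(pieces) < m:
        raise ValueError("not enough pieces yet")
    aug = [enc_row(s, m) + list(w) for s, w in sorted(pieces.items())[:m]]
    for c in range(m):
        p = next(r for r in range(c, m) if aug[r][c])    # pivot row
        aug[c], aug[p] = aug[p], aug[c]
        inv = pow(aug[c][c], P - 2, P)                   # Fermat inverse
        aug[c] = [v * inv % P for v in aug[c]]
        for r in range(m):
            if r != c and aug[r][c]:
                f = aug[r][c]
                aug[r] = [(x - f * y) % P for x, y in zip(aug[r], aug[c])]
    l = len(aug[0]) - m
    # Read B column by column to restore the original byte order.
    return bytes(aug[i][m + k] for k in range(l) for i in range(m))[:crl_len]

if __name__ == "__main__":
    crl = b"constructed sample CRL bytes"    # constructed input, not a real CRL
    w = encode(crl, 4, 6)                    # M = 4, N = 6, r = N/M = 1.5
    got = {s: w[s] for s in (1, 3, 4, 5)}    # pieces 0 and 2 never arrived
    print(decode(got, 4, len(crl)) == crl)
```

Symbols in GF(257) can take the value 256, so each one needs more than a byte on the wire; a GF(2^8) field avoids that at the cost of table-based arithmetic.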

Evaluation Settings (1)

[Figure: the CRL Distribution System sends random encoded pieces to three RSUs]

Evaluation Settings (2)

Laptop configuration

CPU: Intel 1.8 GHz
Operating System: Linux
Library: OpenSSL 0.9.8g
Compiler: gcc 4.1.2
Wireless card: 802.11b

AP configuration

Bit rate: 5.5 Mbps

Evaluation Purposes

Examine the system performance by
- varying the CRL size
- varying the number and length of the encoding vectors

Evaluation Results (1)

- Figures show 95% confidence intervals
- 100 iterations for each experiment
- M and N variations
  - M ∈ [25, 100], increasing by 25
  - N chosen so that the redundancy factor r = N/M is 1.5
- Velocity 3 km/h

Evaluation Results (2)

The encoding vectors should be chosen in accordance with the CRL size

Evaluation Results (3)

The time to reconstruct the original CRL is inversely proportional to the redundancy factor

Conclusion

- First implementation of a CRL distribution system for VANET
- Performance measurements conducted on the system

Further work

- Compare the experimental results with simulation results
- Integrate the CRL Distribution system into the Vehicular Communication project

Thank you

Questions?

Bibliography

[1] P. Papadimitratos, G. Mezzour, and J.-P. Hubaux, Certificate Revocation List Distribution in Vehicular Communication Systems, short paper, ACM VANET 2008, San Francisco, CA, USA, September 2008

[2] K. Laberteaux, J. Haas, and Y-C Hu, Security Certificate Revocation List Distribution for VANET, ACM VANET, San Francisco, CA, USA, September 2008

[3] P. Papadimitratos, L. Buttyan, T. Holczer, E. Schoch, J. Freudiger, M. Raya, Z. Ma, F. Kargl, A. Kung, and J.-P. Hubaux, Secure Vehicular Communications: Design and Architecture, IEEE Communications Magazine, November 2008
