Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Efficient authorization authority certificate distribution in VANETs

: Bittl, Sebastian; Roscher, Karsten

Postprint urn:nbn:de:0011-n-3834307 (197 KByte PDF)
MD5 Fingerprint: dcb0a5111f0e2bec1f4708e68df220cc
Created on: 7.4.2016

Institute for Systems and Technologies of Information, Control and Communication -INSTICC-, Setubal:
ICISSP 2016, 2nd International Conference on Information Systems Security and Privacy. Proceedings : Rome, Italy, 19 - 21 February 2016; held in conjunction with MODELSWARD 2016 and SENSORNETS 2016
SciTePress, 2016
ISBN: 978-989-758-167-0
International Conference on Information Systems Security and Privacy (ICISSP) <2, 2016, Rome>
International Conference on Model-Driven Engineering and Software Development (MODELSWARD) <4, 2016, Rome>
International Conference on Sensor Networks (SENSORNETS) <5, 2016, Rome>
Conference Paper, Electronic Publication
Fraunhofer ESK ()
certificate distribution; vehicular ad hoc network; VANET; security; Car2X; Car-to-X; automotive connectivity

Car-to-X communication systems are about to enter the mass market in upcoming years. Security in these networks depends on digital signatures managed by a multi-level certificate hierarchy. Thereby, certificate distribution is critical in regard to channel utilization and data reception delay via security caused packet loss. These issues are even more significant in case not only pseudonym certificates but also authorization authority certificates have to be exchanged between nodes in the VANET. Prior work has not studied distribution of the elements of a multi-levelcertificate chain in detail. Hence, this work provides an analysis of the currently standardized mechanisms and identifies several drawbacks of the straight forward solution proposed so far. Thereby, we find a severe denial of service attack on that solution. Moreover, the distribution problem is found to be similar to the packet forwarding problem encountered in position-based routing. Thus, we study several strategies for efficient distribution of a certificate chain in regard to channel lad, which are adapted from their counterparts in position-based routing. Thereby, we find that by combining pseudonym certificate buffering with requester based responder selection the requirement for certificate chain distribution in VANETs can be removed completely. Hence, the proposed design avoids the identified denial of service weakness and reduces the worst case size of the security envelope of VANET messages by more than a third.