Efficient distribution of certificate chains in VANETs

Wireless car-to-X communication technology is about to enter the mass market within the next years. Thereby, security in created vehicular ad-hoc networks depends on digital signatures managed by a multi-level certificate hierarchy. Certificate distribution is critical in regard to channel usage and delay of data reception via security caused packet loss. These issues are even more significant in case not only pseudonym certificates, but also certificate authority certificates, have to be exchanged between nodes on demand. Prior work has not treated dissemination of higher level elements from a multi-level certificate chain in detail. Thus, this work provides a study on the recently standardized algorithms. Several drawbacks of the straight forward solution taken so far are identified, which include severe denial of service weaknesses. Solutions to the distribution problem are found to be similar to the ones of the packet forwarding problem encountered in position-based routing. Hence, we study several algorithms for efficient distribution of a certificate chain in regard to channel load, which are adapted from their counterparts in position-based routing. Thereby, a combination of pseudonym certificate buffering with requester based responder selection is found to be able to completely remove the requirement for certificate chain distribution in VANETs. The introduced design avoids the found denial of service weakness, while decreasing the worst case size of the security envelope of VANET messages by more than a third at the same time.