Efficient Certificate Revocation List Organization and Distribution

3 Author(s)
Jason J. Haas; University of Illinois at Urbana-Champaign; Yih-Chun Hu; Kenneth P. Laberteaux

In this paper, we propose a lightweight mechanism for revoking security certificates that is appropriate for the limited bandwidth and hardware cost constraints of a VANET. A Certificate Authority (CA) issues certificates to trusted nodes, i.e., vehicles. If the CA loses trust in a vehicle (e.g., due to evidence of malfunction or malicious behavior), the CA must promptly revoke the certificates of the distrusted vehicle. To distribute revocation information quickly even during incremental deployment, we propose that CAs use Certificate Revocation Lists (CRLs). The CRL should be composed in a secure manner, and it should be exchanged in a way such that the CRL is both quickly and widely distributed. We previously proposed a mechanism for the quick distribution of CRL updates that also covers a wide area by using vehicle-to-vehicle (V2V) communication. In this paper, we additionally investigate the performance of V2V communication in partial deployment scenarios, that is, where only a certain percentage of vehicles are equipped with VANET radios. We provide simulation results that show our V2V exchange mechanism is quicker than distributing CRLs or CRL updates through road-side units (RSUs) alone. However, this revocation process, which involves both the CA and vehicles, must conform to the aforementioned bandwidth and hardware restrictions. In this paper, we present mechanisms that achieve the goals of reduced CRL size, a computationally efficient mechanism for determining if a certificate is on the CRL, and a lightweight mechanism for exchanging CRL updates. Additionally, we expand on our previous work to provide privacy to revoked vehicles prior to their revocation.

Published in:

IEEE Journal on Selected Areas in Communications (Volume: 29, Issue: 3)