Abstract
A Vehicle-to-Everything (V2X) communications safety system requires that people using a safety device can trust the information presented to them. To this end, each receiving device must be able to tell whether messages received over the air interface come from a trustworthy source and have not been tampered with during transmission. This trust relation needs to be established as soon as two devices receive messages from each other. At the same time, users care about privacy and are unlikely to accept the system if it allows for tracking of an individual device. Providing both security and privacy to the utmost extent reasonable and possible is the primary challenge and design goal of the Security Credential Management System (SCMS) presented in this chapter. The Crash Avoidance Metrics Partnership (CAMP), under a Cooperative Agreement with the USDOT, designed and developed the SCMS for vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications. The design builds on public key infrastructure (PKI) principles and issues digital certificates to participating devices (vehicles and infrastructure nodes) for trusted communication among them, which is necessary for safety and mobility applications based on V2X communications. Standard solutions from the literature, such as group signature schemes and management schemes for symmetric keys, do not meet the requirements of a V2X communications system. We briefly review these well-known schemes and show where they do not meet these criteria.
The SCMS supports four primary use cases, namely bootstrapping, certificate provisioning, misbehavior reporting, and revocation. Devices use pseudonym certificates to sign their messages, and multiple organizations are involved in the generation and provisioning of those certificates to achieve a reasonable level of privacy. One of the main challenges is to facilitate efficient revocation of misbehaving or malfunctioning vehicles while preserving privacy against attacks from insiders. We present a revocation process that actively informs the fleet about misbehaving devices and efficiently revokes a large number of pseudonym certificates with only a small amount of data signaled over the air. Another challenge is to handle certificate authority revocations without requiring all affected devices to come back to dealerships or get updated in some form of secure environment. We present an approach called Elector-based Root Management to minimize the impact on devices.
Acknowledgements
The authors of this chapter have contributed to the SCMS, but they see themselves as SCMS ambassadors rather than its inventors. The SCMS is a culmination of efforts by many parties and people. This includes members of the US Department of Transportation (USDOT), the Crash Avoidance Metrics Partnership Vehicle Safety Consortium (CAMP) and the Vehicle Infrastructure Integration Consortium (VIIC). Its primary designer is the Vehicle Communications Security Team at CAMP, which mainly consists of representatives of vehicle manufacturers and security experts from industry and academia.
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Brecht, B., Hehn, T. (2019). A Security Credential Management System for V2X Communications. In: Miucic, R. (eds) Connected Vehicles. Wireless Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-94785-3_4
DOI: https://doi.org/10.1007/978-3-319-94785-3_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-94784-6
Online ISBN: 978-3-319-94785-3
eBook Packages: Engineering, Engineering (R0)