A Security Credential Management System for V2X Communications

  • Benedikt BrechtEmail author
  • Thorsten Hehn
Part of the Wireless Networks book series (WN)


A Vehicle-to-Everything (V2X) communications safety system requires that people using a safety device can trust the information presented to them. To this end, each receiving device must be able to tell whether messages received over the air interface come from a trustworthy source and have not been tampered with during transmission. This trust relation needs to be established as soon as two devices receive messages from each other. At the same time, users care about privacy and will unlikely accept the system if it allows for tracking of an individual device. Providing both security and privacy to the utmost extent reasonable and possible is the primary challenge and design goal of the Security Credential Management System (SCMS) presented in this chapter. The Crash Avoidance Metrics Partnership (CAMP) under a Cooperative Agreement with the USDOT designed and developed the SCMS for vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications. The design builds on public key infrastructure (PKI) principles and issues digital certificates to participating devices (vehicles and infrastructure nodes) for trustful communication among them, which is necessary for safety and mobility applications based on V2X communications. Standard solutions from literature, such as group signature schemes and management schemes for symmetric keys, do not meet the requirements of a V2X communications system. We briefly review these well-known schemes and show where they do not meet these criteria.

The SCMS supports four primary use cases, namely bootstrapping, certificate provisioning, misbehavior reporting, and revocation. Devices use pseudonym certificates to sign their messages, and multiple organizations are involved in the generation and provisioning of those certificates to achieve a reasonable level of privacy. One of the main challenges is to facilitate efficient revocation of misbehaving or malfunctioning vehicles, while at the same time preserving privacy against attacks from insiders. We present a revocation process which actively informs the fleet about misbehaving devices and is very efficient regarding revoking a high number of pseudonym certificates with only a small amount of data signaled over the air. Another challenge is to handle certificate authority revocations without requiring all affected devices to come back to dealerships or get updated in some form of secure environment. We present an approach called Elector-based Root Management to minimize the impact on devices.



The authors of this chapter have contributed to the SCMS, but they rather see themselves as SCMS ambassadors than its inventors. The SCMS is a culmination of efforts by many parties and people. This includes members of the US Department of Transportation (USDOT), the Crash Avoidance Metric Partnership Vehicle Safety Consortium (CAMP) and the Vehicle Infrastructure Integration Consortium (VIIC). Its primary designer is the Vehicle Communications Security Team at CAMP, which mainly consists of representatives of vehicle manufacturers and security experts from industry and academia.


  1. 1.
    Bißmeyer, N. et al., 2011. A generic public key infrastructure for securing car-to-x communication. s.l., s.n.Google Scholar
  2. 2.
    ETSI, 2010a. TR 102 893 V1.1.1 (2010-03) Intelligent Transport Systems (ITS); Security; Threat, Vulnerability and Risk Analysis (TVRA), s.l.: s.n.Google Scholar
  3. 3.
    ETSI, 2010b. TS 102 731V1.1.1 (2010-09) Intelligent Transport Systems (ITS); Security; Security Services and Architecture., s.l.: s.n.Google Scholar
  4. 4.
    ETSI, 2012. TS 102 867 v1.1.1 (2012-06) Intelligent Transportation Systems (ITS); Security; Stage 3 mapping for IEEE 1609.2., s.l.: s.n.Google Scholar
  5. 5.
    IEEE Vehicular Technology Society, 2013. 1609.2. Annex E.4.1: Why sign data instead of using a message authentication code?, s.l.: s.n.Google Scholar
  6. 6.
    Kung, A., 2008. Secure Vehicle Communication. Security Architecture and Mechanisms for V2V/V2I., s.l.: s.n.Google Scholar
  7. 7.
    USDOT, 2006. Vehicle Safety Communications Project. Final Report 2006. Appendix H, s.l.: U.S. Department of Transportation, National Highway Traffic Safety Administration.Google Scholar
  8. 8.
    Brecht, B. et al., 2018. A Security Credential Management System for V2X Communications. IEEE Transactions on Intelligent Transport Systems. Google Scholar
  9. 9.
    Whyte, W., Weimerskirch, A., Kumar, V. & Hehn, T., 2013. A security credential management system for V2V communications. s.l., s.n., pp. 1–8.Google Scholar
  10. 10.
    USDOT, U. S. D. o. T. -. I. J. P. O., 2016. Connected Vehicle Pilot Deployment Program. [Online] Available at: [Accessed 16 October 2017].
  11. 11.
    Saltzer, J. H. & Schroeder, M. D., 1975. The Protection of Information in Computer Systems. Proceedings of the IEEE 63, September, 63(9), pp. 1278–1308.CrossRefGoogle Scholar
  12. 12.
    Cavoukian, A., 2011. Privacy by Design. The 7 Foundational Principles., s.l.: s.n.Google Scholar
  13. 13.
    Dierks, T. & Rescorla, E., 2008. RFC 5246 - The Transport Layer Security (TLS) Protocol, s.l.: IETF - Network Working Group.Google Scholar
  14. 14.
    IEEE, 2016. IEEE Std 1609.2-2016 - IEEE Standard for Wireless Access in Vehicular Environments–Security Services for Applications and Management Messages, s.l.: IEEE.Google Scholar
  15. 15.
    Chaum, D. & Van Heyst, E., 1991. Group Signatures. s.l., Springer, pp. 257–265.Google Scholar
  16. 16.
    Manulis, M. et al., 2012. Group Signatures: Authentication with Privacy, s.l.: s.n.Google Scholar
  17. 17.
    Carter, J. & Zhang, J., 2015. Analysis of Vehicle-Based Security Operations. Gothenburg, Sweden, s.n.Google Scholar
  18. 18.
    Boneh, D., Boyen, X. & Shacham, H., 2004. Short Group Signatures. s.l., Springer, pp. 41–55.Google Scholar
  19. 19.
    Calandriello, G., Papdimimitratos, P., Hubaux, J.-P. & Lioy, A., 2011. On the Performance of Secure Vehicular Communication Systems. s.l., IEEE, pp. 898–912.Google Scholar
  20. 20.
    Malina, L. et al., 2015. Efficient group signatures for privacy-preserving vehicular networks. Telecommunication Systems, 58(4), pp. 293–311.CrossRefGoogle Scholar
  21. 21.
    Carter, J. & Paul, N., 2016. Towards a Scalable Group Vehicle-based Security System. Ann Arbor, MI, USA, s.n.Google Scholar
  22. 22.
    Ateniese, G., Song, D. & Tsudik, G., 2003. Quasi-Efficient Revocation of Group Signatures. s.l., Springer, pp. 183–197.Google Scholar
  23. 23.
    Boneh, D. & Shacham, H., 2004. Group Signatures with Verifier-Local Revocation. s.l., ACM, pp. 168–177.Google Scholar
  24. 24.
    Camenisch, J. & Lysyanskaya, A., 2001. Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials. s.l., Springer, pp. 257–265.Google Scholar
  25. 25.
    Nakanishi, T. & Funabiki, N., 2005. A Short Verifier-Local Revocation Group Signature Scheme with Backward Unlinkability from Bilinear Maps. s.l., Springer, pp. 533–548.Google Scholar
  26. 26.
    Douceur, J. R., 2002. The Sybil Attack. London, UK, UK, Springer-Verlag, pp. 251–260.CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Auburn HillsUSA
  2. 2.Ingolstadt, germanyUSA

Personalised recommendations