Threat Model, Authentication, and Key Management

  • Stan Pietrowicz
Reference work entry


Security is an essential part of all vehicle networks. Communication among vehicles and roadside infrastructure needs to be secure, preserve vehicle privacy, and support efficient and effective removal of bad actors. The threat model for vehicle networks describes three categories of threat agents whose motives range from obtaining preferential treatment to tracking vehicles and disrupting transportation. Vehicle and roadside equipment, wireless communications, and network and software technologies are vulnerable to attack. The notion of privacy in vehicle networks encompasses the properties of anonymity and unlinkability. Vehicle tracking is a privacy threat that exploits vehicle communications, application transactions, and roadway conditions. Public Key Infrastructure is the predominant security architecture among vehicle networks, providing message authentication, integrity protection, and data encryption. The certificate management scheme affects privacy, the removal of bad actors, and system robustness. The combinatorial certificate scheme used in the US DOT proof-of-concept trial is an example of a shared certificate scheme. Removing bad actors in shared certificate schemes is challenging. Certificate revocation may affect many innocent vehicles, which may lose their network privileges. The short-lived, unlinked certificate scheme is an example of a unique certificate scheme that avoids the “one affects many” problem. It separates the certificate authority authorization and assignment functions and issues a large number of short-lived certificates, where certificate expiration may eliminate the need for revocation. Efficient and effective intrusion detection is critical to maintaining vehicle network integrity. Vehicle and roadside equipment, the certificate authority, application servers, and other network-based systems can participate in intrusion detection.


Intrusion Detection Certificate Authority Certificate Scheme Safety Message Medium Access Control Address 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. Di Crescenzo G, Pietrowicz S, Van Den Berg E, White R, Zhang T (2008) Vehicle segment certificate management using shared certificate schemes. US Patent Application 20080232583.
  2. Di Crescenzo G, Zhang T, Pietrowicz S (2010) Anonymity notions and techniques for public-key infrastructures in vehicle networks. In: Wiley Inter Science Security and Communications NetworksGoogle Scholar
  3. IEEE P1609.2 (2006) Trial-use standard for wireless access in vehicular environments – security services for applications and management messagesGoogle Scholar
  4. Pietrowicz S, Shim H, Di Crescenzo G, Zhang T (2008) VDTLS – providing secure communications in vehicular networks. INFOCOM 2008, PhoenixGoogle Scholar
  5. Pietrowicz S, Zhang T, Shim H (2010) Short-lived, unlinked certificates for privacy-preserving secure vehicular communications. In: ITS world congress, BusanGoogle Scholar
  6. Telcordia Technologies (2007) VII vehicle segment certificate managementGoogle Scholar
  7. Tengler S, Andrews S, Heft R (2007a) Digital certificate pool. US Patent Application 20070223702.
  8. Tengler S, Andrews S, Heft R (2007b) Security for anonymous vehicular broadcast messages. US Patent Application 20070222555,
  9. van den Berg E, Zhang T, Pietrowicz S (2009) Blend-in: a privacy-enhancing certificate-selection method for vehicular communicationGoogle Scholar
  10. White R, Pietrowicz S, Van den Berg E, Di Crescenzo G, Mok D, Ferrer R, Zhang T, Shim H (2009) Privacy and scalability analysis of vehicular combinatorial certificate schemes. In: 2009 IEEE CCNC, Las Vegas, 10–13 Jan 2009Google Scholar

Copyright information

© Springer-Verlag London Ltd. 2012

Authors and Affiliations

  1. 1.Telcordia TechnologiesRed BankUSA

Personalised recommendations