1 / 27

Petra Ardelean Advisor: Panos Papadimitratos

Implementation and Evaluation of Certificate Revocation List Distribution for Vehicular Ad-hoc Networks. Petra Ardelean Advisor: Panos Papadimitratos. Vehicular Ad-hoc Network (VANET). Designed to provide safety and comfort for passengers Using asymmetric cryptography

xenos-love
Download Presentation

Petra Ardelean Advisor: Panos Papadimitratos

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Implementation and Evaluation of Certificate Revocation List Distribution for Vehicular Ad-hoc Networks Petra Ardelean Advisor: Panos Papadimitratos

  2. Vehicular Ad-hoc Network (VANET) • Designed to provide safety and comfort for passengers • Using asymmetric cryptography • Certificate Authority (CA) issues certificates • Signature verification using the public key

  3. Problem description • CRLs are needed for • Excluding compromised, faulty or illegitimate nodes • Preventing the use of compromised cryptographic material • How to distribute large CRLs in a reasonable time with low bandwidth utilization?

  4. State of the art (1) • Papadimitratos et al, Certificate Revocation List Distribution in Vehicular Communication Systems [1] • The CA uses the infrastructure (RSUs) to send the CRLs to the vehicles • Use encoding mechanisms for redundancy

  5. State of the art (2) • K. Laberteaux et al, Security Certificate Revocation List Distribution for VANET [2] • RSUs used as the first phase of the dissemination • Vehicles broadcast CRL updates to other vehicles

  6. State of the art (3) • P. Papadimitratos et al, Secure Vehicular Communications: Design and Architecture [3] • Revocation Protocol of the Tamper-Proof Device (RTPD) • Revocation Protocol using Compressed Certificate Revocation (RCCRL) • Distributed Revocation Protocol (DRP)

  7. Random encoded pieces Random encoded pieces Random encoded pieces General concept CRL Distribution System RSU3 RSU2 RSU1

  8. CRL Distribution System CA (1) Generate CRL (2) Encode the CRL (3) Sign each piece from (2) • Network Communication • Compute how many pieces from (3) should be sent to each RSU • Send the pieces to the RSUs

  9. CRL … M parts Rabin’s algorithm Encoded CRL N pieces, N > M … Packet format sent to the RSUs CRL version Time stamp Sequence number CA ID Encoded CRL piece Signature CA private key The Encoding

  10. Vehicle – Receiving CRLs Packet format sent to the RSUs CRL version Time stamp Sequence number CA ID Encoded CRL piece Signature CA private key 1. Verify signature 2. Store CRL piece 3. If enough pieces stored, decode, i.e. reconstruct the CRL

  11. Implementation • C++ implementation • Using openSSL cryptographic library for • Generating the CRLs • Signing and verifying the encoded pieces • Using Rabin’s algorithm as an erasure code

  12. ImplementationNetwork Communication • Configuration file with the RSUs IP addresses • Source routing to send random pieces to each RSU • Encoded pieces sent in UDP packets

  13. Rabin’s algorithm - Encoding CRL M M M M NxM = A X N x L B M x L W

  14. Rabin’s algorithm - Decoding -1 A’ M x M W’ M x L M x L B = X CRL

  15. Evaluation Settings (1) random encoded pieces RSU random encoded pieces RSU CRL Distribution System random encoded pieces RSU

  16. Evaluation Settings (2)

  17. Evaluation Purposes • Examine the system performance by • varying the CRL size • varying the encoding vectors number and length

  18. Evaluation Results (1) • Figures • show 95% confidence intervals • 100 iteration for each experiment • M and N variations • M Є [25,100], increasing by 25 • N chosen as the redundancy factor is r = N/M is 1.5 • Velocity 3 km/h

  19. Evaluation Results (2)

  20. Evaluation Results (2)

  21. Evaluation Results (2) • The encoding vectors should be chosen in concordance with the CRL size

  22. Evaluation Results (3)

  23. Evaluation Results (3) • The time to reconstruct the original CRL is inverse proportional with the redundancy factor

  24. Conclusion • First implementation of a CRL distribution system for VANET • Performance measurements conducted on the system

  25. Further work • Compare the experimental results with simulation results • Integrate the CRL Distribution system into the Vehicular Communication project

  26. Thank you Questions?

  27. Bibliography [1] P. Papadimitratos, G. Mezzour, and J.-P. Hubaux, Certificate Revocation List Distribution in Vehicular Communication Systems, short paper, ACM VANET 2008, San Francisco, CA, USA, September 2008 [2] K. Laberteaux, J. Haas, and Y-C Hu, Security Certicate Revocation List Distribution for VANET, ACM VANET, San Francisco, CA, USA, September 2008 [3] P. Papadimitratos, L. Buttyan, T. Holczer, E. Schoch, J. Freudiger, M. Raya, Z. Ma, F. Kargl, A. Kung, and J.-P. Hubaux, Secure Vehicular Communications: Design and Architecture, IEEE Communications Magazine, November 2008

More Related