MHT-based mechanism for certificate revocation in VANETs
Author: | Muñoz Tapia, José Luis (ORCID 0000-0001-6442-437X); Esparza Martín, Óscar (ORCID 0000-0002-2593-0162); Hernández Gañán, Carlos; Mata Diaz, Jorge (ORCID 0000-0003-4831-0588); Alins Delgado, Juan José (ORCID 0000-0001-8214-4056); Ganchev, Ivan |
---|---|
Contributors: | Universitat Politècnica de Catalunya. Departament d'Enginyeria Telemàtica; Universitat Politècnica de Catalunya. SERTEL - Serveis Telemàtics |
Subject: | PKI; Intelligent transport systems; Computer networks -- Security measures; MHT; Telecommunications engineering::Telematics and computer networks::Communication protocols [UPC subject areas]; Vehicular ad hoc networks (Computer networks); VANETs; Certificate revocation; Computer science::Computer architecture [UPC subject areas]; Extended-CRL; Intelligent Transportation Systems |
Source: | Recercat. Dipósit de la Recerca de Catalunya; Universitat Jaume I; UPCommons. Portal del coneixement obert de la UPC; Universitat Politècnica de Catalunya (UPC) |
Description: | Vehicular Ad Hoc Networks (VANETs) require mechanisms to authenticate messages, identify valid vehicles, and remove misbehaving vehicles. A Public Key Infrastructure (PKI) can be utilized to provide these functionalities using digital certificates. However, if a vehicle is no longer trusted, its certificates have to be immediately revoked and this status information has to be made available to other vehicles as soon as possible. The goal of this chapter is to introduce and describe in detail a certificate revocation mechanism based on the Merkle Hash Tree (MHT), which allows certificate revocation information to be distributed efficiently in VANETs. For this, an extended-CRL is created by embedding a hash tree in each standard certificate revocation list (CRL). A node possessing an extended-CRL can respond to certificate status requests without having to send the complete CRL. Instead, the node can send a short response (less than 1 KB) that fits in a single UDP message. This means that any node possessing an extended-CRL, including Road Side Units (RSUs) or intermediate vehicles, can produce short certificate-status responses that can be easily authenticated. The main procedures involved in the proposed mechanism are described in detail. General security issues related to the mechanism are treated as well. |
Database: | OpenAIRE |