MHT-based mechanism for certificate revocation in VANETs

Abstract

Vehicular Ad Hoc Networks (VANETs) require mechanisms to authenticate messages, identify valid vehicles, and remove misbehaving vehicles. A Public Key Infrastructure (PKI) can be utilized to provide these functionalities using digital certificates. However, if a vehicle is no longer trusted, its certificates have to be immediately revoked and this status information has to be made available to other vehicles as soon as possible. The goal of this chapter is to introduce and describe in detail a certificate revocation mechanism based on the Merkle Hash Tree (MHT), which allows to efficiently distribute certificate revocation information in VANETs. For this, an extended-CRL is created by embedding a hash tree in each standard certificate revocation list (CRL). A node possessing an extended-CRL can respond to certificate status requests without having to send the complete CRL. Instead, the node can send a short response (less than 1 KB) that fits in a single UDP message. This means that any node possessing an extended-CRL, including Road Side Units (RSUs) or intermediate vehicles, can produce short certificate-status responses that can be easily authenticated. The main procedures involved in the proposed mechanism are described in detail. General security issues related to the mechanism are treated as well.