Transcript Implementation and Evaluation of CRL distribution for VANET
Implementation and Evaluation of Certificate Revocation List Distribution for Vehicular Ad-hoc Networks Petra Ardelean Advisor: Panos Papadimitratos
Vehicular Ad-hoc Network (VANET) Designed to provide safety and comfort for passengers Using asymmetric cryptography Certificate Authority (CA) issues certificates Signature verification using the public key 2
Problem description CRLs are needed for Excluding compromised, faulty or illegitimate nodes Preventing the use of compromised cryptographic material How to distribute large CRLs in a reasonable time with low bandwidth utilization?
3
State of the art (1) Papadimitratos et al,
Systems
[1]
Certificate Revocation List Distribution in Vehicular Communication
The CA uses the infrastructure (RSUs) to send the CRLs to the vehicles Use encoding mechanisms for redundancy 4
State of the art (2) K. Laberteaux et al,
Security Certificate Revocation List Distribution for VANET
[2] RSUs used as the first phase of the dissemination Vehicles broadcast CRL updates to other vehicles 5
State of the art (3) P. Papadimitratos et al,
Secure Vehicular Communications: Design and Architecture
[3] Revocation Protocol of the Tamper-Proof Device (RTPD) Revocation Protocol using Compressed Certificate Revocation (RCCRL) Distributed Revocation Protocol (DRP) 6
General concept RSU3 Random encoded pieces CRL Distribution System RSU2 Random encoded pieces RSU1 Random encoded pieces 7
CRL Distribution System
CA
(1) Generate CRL (2) Encode the CRL (3) Sign each piece from (2)
Network Communication
(1) Compute how many pieces from (3) should be sent to each RSU (2) Send the pieces to the RSUs 8
The Encoding CRL Encoded CRL … Rabin’s algorithm … M parts N pieces, N > M Packet format sent to the RSUs CRL version Time stamp Sequence number CA ID Encoded CRL piece Signature CA private key 9
Vehicle – Receiving CRLs Packet format sent to the RSUs CRL version Time stamp Sequence number CA ID Encoded CRL piece Signature CA private key 1. Verify signature 2. Store CRL piece 3. If enough pieces stored, decode, i.e. reconstruct the CRL 10
Implementation C++ implementation Using openSSL cryptographic library for Generating the CRLs Signing and verifying the encoded pieces Using Rabin’s algorithm as an erasure code 11
Implementation Network Communication Configuration file with the RSUs IP addresses Source routing to send random pieces to each RSU Encoded pieces sent in UDP packets 12
Rabin’s algorithm - Encoding CRL M M M M A NxM X B M x L = W N x L 13
Rabin’s algorithm - Decoding A’ M x M -1 X W’ M x L = B M x L CRL 14
Evaluation Settings (1) CRL Distribution System random encoded pieces RSU random encoded pieces RSU random encoded pieces RSU 15
Evaluation Settings (2)
Laptop configuration
CPU Operating System Library Compiler Wireless card Intel 1.8 GHz Linux OpenSSL 0.9.8g
gcc 4.1.2
802.11b
AP configuration
Bit rate 5.5 Mbps 16
Evaluation Purposes Examine the system performance by varying the CRL size varying the encoding vectors number and length 17
Evaluation Results (1) Figures show 95% confidence intervals 100 iteration for each experiment M and N variations M Є [25,100], increasing by 25 N chosen as the redundancy factor is r = N / M is 1.5
Velocity 3 km/h 18
Evaluation Results (2) 19
Evaluation Results (2) 20
Evaluation Results (2) The encoding vectors should be chosen in concordance with the CRL size 21
Evaluation Results (3) 22
Evaluation Results (3) The time to reconstruct the original CRL is inverse proportional with the redundancy factor 23
Conclusion First implementation of a CRL distribution system for VANET Performance measurements conducted on the system 24
Further work Compare the experimental results with simulation results Integrate the CRL Distribution system into the Vehicular Communication project 25
Thank you Questions?
26
Bibliography [1] P. Papadimitratos, G. Mezzour, and J.-P. Hubaux,
Certificate Revocation List Distribution in Vehicular Communication Systems
, short paper, ACM VANET 2008, San Francisco, CA, USA, September 2008 [2] K. Laberteaux, J. Haas, and Y-C Hu,
Security Certicate Revocation List
Distribution for VANET,
ACM VANET, San Francisco, CA, USA, September 2008 [3] P. Papadimitratos, L. Buttyan, T. Holczer, E. Schoch, J. Freudiger, M. Raya, Z. Ma, F. Kargl, A. Kung, and J.-P. Hubaux,
Secure Vehicular Communications: Design and Architecture
, IEEE Communications Magazine, November 2008 27