Implementation and Evaluation of CRL distribution for VANET

Download Report

Transcript Implementation and Evaluation of CRL distribution for VANET

Implementation and Evaluation of Certificate Revocation List Distribution for Vehicular Ad-hoc Networks Petra Ardelean Advisor: Panos Papadimitratos

Vehicular Ad-hoc Network (VANET)  Designed to provide safety and comfort for passengers  Using asymmetric cryptography  Certificate Authority (CA) issues certificates  Signature verification using the public key 2

Problem description  CRLs are needed for  Excluding compromised, faulty or illegitimate nodes  Preventing the use of compromised cryptographic material  How to distribute large CRLs in a reasonable time with low bandwidth utilization?

3

State of the art (1)  Papadimitratos et al,

Systems

[1]

Certificate Revocation List Distribution in Vehicular Communication

 The CA uses the infrastructure (RSUs) to send the CRLs to the vehicles  Use encoding mechanisms for redundancy 4

State of the art (2)  K. Laberteaux et al,

Security Certificate Revocation List Distribution for VANET

[2]  RSUs used as the first phase of the dissemination  Vehicles broadcast CRL updates to other vehicles 5

State of the art (3)  P. Papadimitratos et al,

Secure Vehicular Communications: Design and Architecture

[3]  Revocation Protocol of the Tamper-Proof Device (RTPD)  Revocation Protocol using Compressed Certificate Revocation (RCCRL)  Distributed Revocation Protocol (DRP) 6

General concept RSU3 Random encoded pieces CRL Distribution System RSU2 Random encoded pieces RSU1 Random encoded pieces 7

CRL Distribution System

CA

(1) Generate CRL (2) Encode the CRL (3) Sign each piece from (2)

Network Communication

(1) Compute how many pieces from (3) should be sent to each RSU (2) Send the pieces to the RSUs 8

The Encoding CRL Encoded CRL … Rabin’s algorithm … M parts N pieces, N > M Packet format sent to the RSUs CRL version Time stamp Sequence number CA ID Encoded CRL piece Signature CA private key 9

Vehicle – Receiving CRLs Packet format sent to the RSUs CRL version Time stamp Sequence number CA ID Encoded CRL piece Signature CA private key 1. Verify signature 2. Store CRL piece 3. If enough pieces stored, decode, i.e. reconstruct the CRL 10

Implementation  C++ implementation  Using openSSL cryptographic library for  Generating the CRLs  Signing and verifying the encoded pieces  Using Rabin’s algorithm as an erasure code 11

Implementation Network Communication  Configuration file with the RSUs IP addresses  Source routing to send random pieces to each RSU  Encoded pieces sent in UDP packets 12

Rabin’s algorithm - Encoding CRL M M M M A NxM X B M x L = W N x L 13

Rabin’s algorithm - Decoding A’ M x M -1 X W’ M x L = B M x L CRL 14

Evaluation Settings (1) CRL Distribution System random encoded pieces RSU random encoded pieces RSU random encoded pieces RSU 15

Evaluation Settings (2)

Laptop configuration

CPU Operating System Library Compiler Wireless card Intel 1.8 GHz Linux OpenSSL 0.9.8g

gcc 4.1.2

802.11b

AP configuration

Bit rate 5.5 Mbps 16

Evaluation Purposes  Examine the system performance by  varying the CRL size  varying the encoding vectors number and length 17

Evaluation Results (1)  Figures  show 95% confidence intervals  100 iteration for each experiment  M and N variations  M Є [25,100], increasing by 25  N chosen as the redundancy factor is r = N / M is 1.5

 Velocity 3 km/h 18

Evaluation Results (2) 19

Evaluation Results (2) 20

Evaluation Results (2)  The encoding vectors should be chosen in concordance with the CRL size 21

Evaluation Results (3) 22

Evaluation Results (3)  The time to reconstruct the original CRL is inverse proportional with the redundancy factor 23

Conclusion  First implementation of a CRL distribution system for VANET  Performance measurements conducted on the system 24

Further work  Compare the experimental results with simulation results  Integrate the CRL Distribution system into the Vehicular Communication project 25

Thank you Questions?

26

Bibliography [1] P. Papadimitratos, G. Mezzour, and J.-P. Hubaux,

Certificate Revocation List Distribution in Vehicular Communication Systems

, short paper, ACM VANET 2008, San Francisco, CA, USA, September 2008 [2] K. Laberteaux, J. Haas, and Y-C Hu,

Security Certicate Revocation List

Distribution for VANET,

ACM VANET, San Francisco, CA, USA, September 2008 [3] P. Papadimitratos, L. Buttyan, T. Holczer, E. Schoch, J. Freudiger, M. Raya, Z. Ma, F. Kargl, A. Kung, and J.-P. Hubaux,

Secure Vehicular Communications: Design and Architecture

, IEEE Communications Magazine, November 2008 27