Vehicle-to-Everything (V2X) communications are a critical component in Intelligent Transportation Systems development (ITS). Such technologies need to strike a balance between security and efficiency. While communications between cars must be verified to deter misbehavior and prevent data falsification, users’ privacy must be protected to prevent the system from being misused for mass monitoring. As a result, the use of a vehicular public key infrastructure (VPKI) has become prevalent to facilitate both privacy awareness and scalability for the next-generation ITS. In general, the authorized cars are provided with numerous short-term pseudonym certificates in modern vehicular security designs, allowing users to escape tracking by rotating between certificates while signing communications. However, because of the high number of certificates in the system, revocation via Certificate Revocation Lists (CRLs) become complicated and inefficient.
In April 2021, Simplicio Jr, M. A. et al. [1] published a paper in Vehicular Communications which discussed the two possible solutions to this problem. The first solution is linked to frequent provisioning of non-revoked vehicles with a small number of certificates, as is done in the Cooperative Intelligent Transportation Systems (C-ITS) standard led by the European Telecommunications Standards Institute (ETSI). The second solution is provisioning many encrypted certificates and periodically broadcasting “activation codes” for controlling decryption by non-revoked vehicles, as proposed in Activation Codes for Pseudonym Certificates (ACPC). ACPC is an extension of the Security Credential Management System (SCMS) which is a part of the IEEE 1609.2 standard.
The paper indicated that there are significant advantages of ACPC over C-ITS by supporting distributed caching. ACPC also has advantages over CRLs by avoiding processing overheads on vehicles. Moreover, ACPC can benefit from unicast activation code distribution with various trade-offs between privacy and bandwidth savings. The experimental analysis showed that ACPC can maintain the same level of secrecy as C-ITS while downloading 16-byte codes instead of hundreds of kilobytes, besides addressing bandwidth costs that grow logarithmically with the number of revocations.
[1] M. A. Simplicio Jr, E. L. Cominetti, H. K. Patil, J. E. Ricardini, and M. V. M. Silva, “Revocation in Vehicular Public Key Infrastructures: Balancing privacy and efficiency,” Vehicular Communications, 28: 100309, 2021.
Written by Nishat Mowla