Secure Vehicular Communication Systems: Design and Implementation of a Vehicular PKI (VPKI)

Sammanfattning: The idea of vehicular communication systems could bring more safety, immunity and assurance in driving while it poses a variety of applications in traffic efficiency, driver assistance, environmental hazards, road conditions and infotainment. The aim is to make driving safer and to facilitate driving to the full extent, even on dangerous roads. However, having effective and robust operations within the VC system needs an infrastructure to handle threats, faults, illegitimate activities and unexpected incidents. Message authentication, integrity, non-repudiation and privacy within such a system are considered as the most controversial issues from security perspective. The idea is to protect privacy not only from legal point of view, but also from technical perspective in terms of using privacy enhancing technologies. To provide security within such a system, the idea of Public Key Infrastructure is considered as a promising solution. Using long-term certificates does reveal the real identity of the owner. Since users’ privacy is considered as the main security requirement in the VC system, standard certificates (X.509) and normal PKI cannot be used within a VC network. There are some functionalities and features for vehicular communication systems that do not exist in standard PKI. As a result, using pseudonym certificates to perform transactions within the VC system is a solution. In this report, a vehicular public key infrastructure, called VPKI, is proposed. OpenCA is used as the PKI, equipped with Pseudonym Certificate Authority (PCA), Long-Term Certificate Authority (LTCA) and Pseudonym Resolution Authority (PRA). These authorities are certified by the RCA and they have privileges to perform their tasks. LTCA is responsible for issuing long-term certificates while PCA is responsible for issuing pseudonym certificates. PRA is the authority to perform pseudonym resolution to identify the real identity of a pseudonym certificate. When it comes to CRL, PCA is the responsible authority to determine revoked pseudonym certificates in order to keep the system secure. Three protocols are then proposed to obtain pseudonym certificates, latest version of pseudonym CRL as well as performing pseudonym resolution. Obtaining pseudonym certificates is done in two phases. Firstly, each vehicle sends a request to LTCA to get a valid token. In the second step, the token is used by PCA to issue pseudonym certificates.