Implementation and Evaluation of CRL distribution for VANET


Implementation and Evaluation of
Certificate Revocation List Distribution
for Vehicular Ad-hoc Networks
Petra Ardelean
Advisor: Panos Papadimitratos

Vehicular Ad-hoc Network (VANET)

Designed to provide safety and comfort for passengers

Using asymmetric cryptography
  Certificate Authority (CA) issues certificates
  Signature verification using the public key

Problem description

CRLs are needed for
  Excluding compromised, faulty or illegitimate nodes
  Preventing the use of compromised cryptographic material

How to distribute large CRLs in a reasonable time with low bandwidth utilization?

State of the art (1)

Papadimitratos et al., Certificate Revocation List Distribution in Vehicular Communication Systems [1]
  The CA uses the infrastructure (RSUs) to send the CRLs to the vehicles
  Use encoding mechanisms for redundancy

State of the art (2)

K. Laberteaux et al., Security Certificate Revocation List Distribution for VANET [2]
  RSUs used as the first phase of the dissemination
  Vehicles broadcast CRL updates to other vehicles

State of the art (3)

P. Papadimitratos et al., Secure Vehicular Communications: Design and Architecture [3]
  Revocation Protocol of the Tamper-Proof Device (RTPD)
  Revocation Protocol using Compressed Certificate Revocation (RCCRL)
  Distributed Revocation Protocol (DRP)

General concept

[Figure: the CRL Distribution System sends random encoded pieces to RSU1, RSU2 and RSU3]

CRL Distribution System

CA
  (1) Generate CRL
  (2) Encode the CRL
  (3) Sign each piece from (2)

Network Communication
  (1) Compute how many pieces from (3) should be sent to each RSU
  (2) Send the pieces to the RSUs

The Encoding

[Figure: the CRL is split into M parts, and Rabin’s algorithm produces the encoded CRL as N pieces, N > M]

Packet format sent to the RSUs

CRL version | Time stamp | Sequence number | CA ID | Encoded CRL piece | Signature (CA private key)

Vehicle – Receiving CRLs

Packet format sent to the RSUs

CRL version | Time stamp | Sequence number | CA ID | Encoded CRL piece | Signature (CA private key)

1. Verify signature
2. Store CRL piece
3. If enough pieces stored, decode, i.e. reconstruct the CRL

Implementation

C++ implementation

Using the OpenSSL cryptographic library for
  Generating the CRLs
  Signing and verifying the encoded pieces

Using Rabin’s algorithm as an erasure code

Implementation
Network Communication

Configuration file with the RSUs' IP addresses

Source routing to send random pieces to each RSU

Encoded pieces sent in UDP packets

Rabin’s algorithm - Encoding

$$A_{N \times M} \times B_{M \times L} = W_{N \times L}$$

where $B$ is the CRL.

Rabin’s algorithm - Decoding

$$(A')^{-1}_{M \times M} \times W'_{M \times L} = B_{M \times L}$$

where $B$ is the CRL.

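The two matrix products on the encoding and decoding slides above, worked through as an added example (not code from the presented implementation). It assumes arithmetic over GF(257) and Vandermonde encoding vectors derived from the piece's sequence number, neither of which the slides specify; all function names are hypothetical, and the per-piece signature check is left out.

```cpp
#include <cstdint>
#include <stdexcept>
#include <vector>
using Row = std::vector<uint32_t>;
using Matrix = std::vector<Row>;
const uint32_t P = 257;  // assumed field GF(257): prime > 255, so each CRL byte is one symbol

uint32_t powmod(uint32_t b, uint32_t e) { return e ? (b % P) * powmod(b, e - 1) % P : 1; }

// Assumed encoding vector of piece `seq`: Vandermonde row (1, x, x^2, ...) with x = seq + 1.
Row encodingVector(uint32_t seq, size_t M) {
    Row a(M);
    for (size_t j = 0; j < M; ++j) a[j] = powmod(seq + 1, j);
    return a;
}
// W = A x B: B is the CRL as M rows of L symbols, the result is N <= 256 pieces of L symbols.
Matrix encode(const Matrix& B, size_t N) {
    Matrix W(N, Row(B[0].size(), 0));
    for (size_t i = 0; i < N; ++i) {
        Row a = encodingVector(i, B.size());
        for (size_t j = 0; j < B.size(); ++j)
            for (size_t k = 0; k < W[i].size(); ++k) W[i][k] = (W[i][k] + a[j] * B[j][k]) % P;
    }
    return W;
}

// B = A'^-1 x W': seqs[i] is the sequence number of received piece Wp[i], M = seqs.size().
Matrix decode(const std::vector<uint32_t>& seqs, const Matrix& Wp) {
    size_t M = seqs.size();
    if (Wp.size() != M) throw std::invalid_argument("one sequence number per piece");
    Matrix G(M);  // augmented rows [ A' | W' ]
    for (size_t i = 0; i < M; ++i) {
        G[i] = encodingVector(seqs[i], M);
        G[i].insert(G[i].end(), Wp[i].begin(), Wp[i].end());
    }
    for (size_t c = 0; c < M; ++c) {  // Gauss-Jordan elimination mod P
        size_t p = c;
        while (p < M && G[p][c] == 0) ++p;
        if (p == M) throw std::runtime_error("pieces are not independent (repeated sequence number)");
        G[p].swap(G[c]);
        uint32_t inv = powmod(G[c][c], P - 2);  // Fermat inverse of the pivot
        for (auto& v : G[c]) v = v * inv % P;
        for (size_t r = 0; r < M; ++r) {
            uint32_t f = (r == c) ? 0 : G[r][c];  // multiple of row c to cancel in row r
            for (size_t j = 0; f && j < G[r].size(); ++j) G[r][j] = (G[r][j] + (P - f) * G[c][j]) % P;
        }
    }
    for (auto& row : G) row.erase(row.begin(), row.begin() + M);  // drop the identity, keep B
    return G;
}
```

In the system on the slides, a vehicle would pass pieces to the decoding step only after their CA signature has verified.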
Evaluation Settings (1)

[Figure: the CRL Distribution System sends random encoded pieces to three RSUs]

Evaluation Settings (2)

Laptop configuration
  CPU               Intel 1.8 GHz
  Operating System  Linux
  Library           OpenSSL 0.9.8g
  Compiler          gcc 4.1.2
  Wireless card     802.11b

AP configuration
  Bit rate          5.5 Mbps

Evaluation Purposes

Examine the system performance by
  varying the CRL size
  varying the number and length of the encoding vectors

Evaluation Results (1)

Figures
  show 95% confidence intervals
  100 iterations for each experiment

M and N variations
  M ∈ [25, 100], increasing by 25
  N chosen so that the redundancy factor r = N/M is 1.5

Velocity 3 km/h

Evaluation Results (2)

The encoding vectors should be chosen in accordance with the CRL size

Evaluation Results (3)

The time to reconstruct the original CRL is inversely proportional to the redundancy factor

Conclusion

First implementation of a CRL distribution system for VANET

Performance measurements conducted on the system

Further work

Compare the experimental results with simulation results

Integrate the CRL Distribution system into the Vehicular Communication project

Thank you
Questions?
Bibliography
[1] P. Papadimitratos, G. Mezzour, and J.-P. Hubaux, Certificate Revocation List Distribution in Vehicular Communication Systems, short paper, ACM VANET 2008, San Francisco, CA, USA, September 2008
[2] K. Laberteaux, J. Haas, and Y-C Hu, Security Certificate Revocation List Distribution for VANET, ACM VANET, San Francisco, CA, USA, September 2008
[3] P. Papadimitratos, L. Buttyan, T. Holczer, E. Schoch, J. Freudiger, M. Raya, Z. Ma, F. Kargl, A. Kung, and J.-P. Hubaux, Secure Vehicular Communications: Design and Architecture, IEEE Communications Magazine, November 2008