Vehicular ad hoc networks (VANETs) adopt the Public Key Infrastructure (PKI) and Certificate Revocation Lists (CRLs) for their security. In any PKI system, the authentication of a received message is performed by checking if the certificate of the sender is included in the current CRL, and verifying the authenticity of the certificate and signature of the sender.
In this paper, we propose an Expedite Message Authentication Protocol (EMAP) for VANETs, which replaces the time-consuming CRL checking process with an efficient revocation checking process. The revocation check process in EMAP uses a keyed Hash Message Authentication Code (HMAC), where the key used in calculating the MAC is shared only between non-revoked On-Board Units (OBUs).
EMAP uses a novel probabilistic key distribution, which enables non-revoked OBUs to securely share and update a secret key. EMAP can significantly decrease the message loss ratio due to the message verification delay compared with the conventional authentication methods employing CRL. By conducting security analysis and performance evaluation, EMAP is demonstrated to be secure and efficient.
Because vehicles communicate through wireless channels, a variety of attacks, such as injecting false information and modifying or replaying the disseminated messages, can be easily launched. A security attack on VANETs can have severe harmful or fatal consequences for legitimate users. Consequently, ensuring secure vehicular communications is a must before any VANET application can be put into practice. A well-recognized solution to secure VANETs is to deploy Public Key Infrastructure (PKI), and to use Certificate Revocation Lists (CRLs) for managing the revoked certificates. In PKI, each entity in the network holds an authentic certificate, and every message should be digitally signed before its transmission. A CRL, usually issued by a Trusted Authority (TA), is a list containing all the revoked certificates.
In a PKI system, the authentication of any message is performed by first checking if the sender's certificate is included in the current CRL. The first part of the authentication, which checks the revocation status of the sender in a CRL, may incur a long delay depending on the CRL size and the mechanism employed for searching the CRL. Unfortunately, the CRL size in VANETs is expected to be large for the following reasons: 1) To preserve the privacy of the drivers, i.e., to prevent the leakage of the real identities and location information of the drivers to any external eavesdropper, each OBU should be preloaded with a set of anonymous digital certificates, where the OBU has to periodically change its anonymous certificate to mislead attackers.
We are interested in the computation complexity of the revocation status checking process, which is defined as the number of comparison operations required to check the revocation status of an OBU. Let Nrev denote the total number of revoked certificates in a CRL. To check the revocation status of an OBUu using the linear search algorithm, an entity has to compare the certificate identity of OBUu with every certificate of the Nrev certificates in the CRL, i.e., the entity performs a one-to-one checking process.
Consequently, the computation complexities of employing the linear search algorithm to perform a revocation status checking in the middle, then half of the CRL with identities lower than that of OBUu are discarded from the upcoming comparisons. If the certificate identity of OBUu is lower than that of the entry in the middle, then half of the CRL with identities higher than that of OBUu are discarded. The checking process is repeated until a match is found or the CRL is finished. It can be seen that at each step in the binary search method half of the entries considered in the search are discarded in the computation complexity of the binary search algorithm to perform a revocation status checking.
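The following added example (not code from the paper or this page) counts the comparison operations made by the linear and binary CRL searches described above and sets them beside a single HMAC-based revocation check. The CRL contents, the key values, and the HMAC input layout (certificate identity plus timestamp, with SHA-256) are constructed assumptions.

```python
import hashlib
import hmac

def linear_check(crl, cert_id):
    """One-to-one scan of the CRL. Returns (revoked, comparisons)."""
    comparisons = 0
    for entry in crl:
        comparisons += 1
        if entry == cert_id:
            return True, comparisons
    return False, comparisons

def binary_check(sorted_crl, cert_id):
    """Binary search of a sorted CRL. Returns (revoked, comparisons),
    counting one comparison step per probed middle entry."""
    lo, hi, comparisons = 0, len(sorted_crl) - 1, 0
    while lo <= hi:
        mid = (lo + hi) // 2
        comparisons += 1
        if sorted_crl[mid] == cert_id:
            return True, comparisons
        if cert_id > sorted_crl[mid]:
            lo = mid + 1  # discard the half with lower identities
        else:
            hi = mid - 1  # discard the half with higher identities
    return False, comparisons

def rev_tag(shared_key, cert_id, timestamp):
    """Sender side: HMAC under the key shared by non-revoked OBUs.
    The (cert_id, timestamp) input layout is an assumption of this example."""
    msg = cert_id.to_bytes(8, "big") + timestamp.to_bytes(8, "big")
    return hmac.new(shared_key, msg, hashlib.sha256).digest()

def hmac_check(shared_key, cert_id, timestamp, tag):
    """Receiver side: one constant-time MAC comparison, independent of Nrev."""
    return hmac.compare_digest(rev_tag(shared_key, cert_id, timestamp), tag)

# Constructed sample data: Nrev = 1024 revoked identities (even numbers, sorted).
N_REV = 1024
CRL = list(range(0, 2 * N_REV, 2))
CURRENT_KEY = b"constructed-current-group-key"   # held by non-revoked OBUs
STALE_KEY = b"constructed-stale-group-key"       # held by an OBU revoked before the key update

if __name__ == "__main__":
    print("linear :", linear_check(CRL, 777))    # non-revoked id scans all Nrev entries
    print("binary :", binary_check(CRL, 777))    # about log2(Nrev) probes
    tag = rev_tag(STALE_KEY, 776, 1700000000)
    print("hmac   :", hmac_check(CURRENT_KEY, 776, 1700000000, tag))
```

A sender that missed the key update produces a tag the receiver cannot reproduce, so the check fails without any CRL lookup.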
- Primary Security Requirements
- Efficient Authentication
- Message Authentication
- Resistance To Colluding Attacks
- Authentication Delay
- End-To-End Delay
- Message Loss Ratio
||ASP.Net with C#
||SQL Server 2005