Managing and Complementing Public Key Infrastructure for Securing Vehicular Ad Hoc Networks

Recently, vehicular ad-hoc network (VANET) has emerged as an excellent candidate to change the life style of the traveling passengers along the roads and highways in terms of improving the safety levels and providing a wide range of comfort applications. Due to the foreseen impact of VANETs on our lives, extensive attentions in industry and academia are directed towards bringing VANETs into real life and standardizing its network operation. Unfortunately, the open medium nature of wireless communications and the high-speed mobility of a large number of vehicles in VANETs pose many challenges that should be solved before deploying VANETs. It is evident that any malicious behavior of a user, such as injecting false information, modifying and replaying the disseminated messages, could be fatal to other legal users. In addition, users show prime interest in protecting their privacy. The privacy of users must be guaranteed in the sense that the privacy-related information of a vehicle should be protected to prevent an observer from revealing the real identities of the users, tracking their locations, and inferring sensitive data. From the aforementioned discussion, it is clear that security and privacy preservation are among the critical challenges for the deployment of VANETs. Public Key Infrastructure (PKI) is a well-recognized solution to secure VANETs. However, the traditional management of PKI cannot meet the security requirements of VANETs. In addition, some security services such as location privacy and fast authentication cannot be provided by the traditional PKI. Consequently, to satisfy the security and privacy requirements, it is prerequisite to elaborately design an efficient management of PKI and complementary mechanisms for PKI to achieve security and privacy preservation for practical VANETs. In this thesis, we focus on developing an efficient certificate management in PKI and designing PKI complementary mechanisms to provide security and privacy for VANETs. The accomplishments of this thesis can be briefly summarized as follows. Firstly, we propose an efficient Distributed Certificate Service (DCS) scheme for vehiciii ular networks. The proposed scheme offers a flexible interoperability for certificate service in heterogeneous administrative authorities, and an efficient way for any On-Board Units (OBUs) to update its certificate from the available infrastructure Road-Side Units (RSUs) in a timely manner. In addition, the DCS scheme introduces an aggregate batch verification technique for authenticating certificate-based signatures, which significantly decreases the verification overhead. Secondly, we propose an Efficient Decentralized Revocation (EDR) protocol based on a novel pairing-based threshold scheme and a probabilistic key distribution technique. Because of the decentralized nature of the EDR protocol, it enables a group of legitimate vehicles to perform fast revocation of a nearby misbehaving vehicle. Consequently, the EDR protocol improves the safety levels in VANETs as it diminishes the revocation vulnerability window existing in the conventional Certificate Revocation Lists (CRLs). Finally, we propose complementing PKI with group communication to achieve location privacy and expedite message authentication. In specific, the proposed complemented PKI features the following. First, it employs a probabilistic key distribution to establish a shared secret group key between non-revoked OBUs. Second, it uses the shared secret group key to perform expedite message authentication (EMAP) which replaces the timeconsuming CRL checking process by an efficient revocation checking process. Third, it uses the shared secret group key to provide novel location privacy preservation through random encryption periods (REP) which ensures that the requirements to track a vehicle are always violated. Moreover, in case of revocation an OBU can calculate the new group key and update its compromised keys even if the OBU missed previous rekeying process. For each of the aforementioned accomplishments, we conduct security analysis and performance evaluation to demonstrate the reliable security and efficiency of the proposed schemes.