Performance Analysis of an OCSP-Based Authentication Protocol for VANETs

Jetzabel Serna-Olvera (Technical University of Catalonia, Spain), Valentina Casola (University of Naples Federico II, Italy), Massimiliano Rak (Second University of Naples, Italy), Jesús Luna (Darmstadt University of Technology, Germany), Manel Medina (Technical University of Catalonia, Spain) and Nicola Mazzocca (University of Naples Federico II, Italy)
DOI: 10.4018/jaras.2012010102

Abstract

Vehicular Ad-Hoc NETworks (VANETs) improve road safety by preventing and reducing traffic accidents, but VANETs also raise important security and privacy issues. A common approach widely adopted in VANETs is the use of Public Key Infrastructures (PKI) and digital certificates to enable authentication and confidentiality, usually relying on a large set of regional Certification Authorities (CAs). Despite its advantages, this approach raises new problems related to secure interoperability among the different (and usually unknown) issuing CAs. This paper addresses authentication and interoperability issues in vehicular communications, considering an interregional scenario where mutual authentication between all the nodes is needed. The use of an Authentication Service (AS) is proposed, which supplies vehicles with a trusted set of authentication credentials by implementing a near real-time certificate status service via the well-known Online Certificate Status Protocol (OCSP). The proposed AS also implements a mechanism to quantitatively evaluate the trust level of a CA, in order to decide on the fly whether an interoperability relationship can be created. The feasibility and performance of the proposed mechanisms are demonstrated via simulations and quantitative analyses by providing a set of communication measurements considering an urban scenario.
Article Preview

1. Introduction

Vehicular Ad hoc NETworks (VANETs) are the basis of Intelligent Transportation Systems (ITS) and a relevant form of mobile ad-hoc networks. Their successful deployment promises extraordinary benefits by improving road safety and offering a wide range of location-based applications. A VANET system (Figure 1) generally consists of vehicles (a set of highly dynamic communication nodes) and Road Side Units (RSUs), which are fixed communication nodes positioned along the roads and considered part of the infrastructure. Typically, a vehicle in a VANET will be equipped with processing, recording and communication features, and according to the Dedicated Short Range Communications (DSRC) standard (Armstrong, n.d.; Guo & Balon, 2006) the vehicle-to-vehicle (v2v) and vehicle-to-infrastructure (v2i) communications will allow data rates from 6 to 27 Mbps at a maximum transmission range of 1000 m, thus enabling nodes to exchange all kinds of application-related information, e.g., warning, traffic, infotainment, etc. Despite the benefits that a VANET system can provide, it is also vulnerable to several security attacks that may compromise the system and even cause life-threatening situations (e.g., false warnings that could cause road accidents). Since in a VANET access is granted by default, exchanged messages are “available” to all nodes in transmission range, and the communication will be across multiple hops. One of the most important challenges is finding the proper techniques and architectural solutions to enforce security and authentication, even in the presence of nodes (vehicles) belonging to unknown domains.

Figure 1. VANET system

However, the unique features that are inherent to the VANET system and are decisive in the design of the communication must be considered by any proposed architecture. For example, the dynamic nature of a VANET could be an important constraint from the communications point of view, since it includes dynamic topology, mobility and speed of nodes that might affect communications. On the other hand, features such as the “infinite” energy supply could be considered an important advantage from the security point of view in the implementation of rigorous cryptographic solutions. Therefore, the trade-off between a VANET’s dynamic nature and its security should be carefully considered.

In this paper we present a set of security protocols aimed at providing authentication among vehicles from untrusted domains even when no infrastructure is available, taking into account the advantages and constraints present in a VANET system. Note that the basics of these protocols were previously introduced in Casola et al. (2010), and this paper is an extension of that research that presents a performance analysis in order to prove the feasibility of the proposed application-level security protocols. The performance analysis presented in this paper was validated through the evaluation of different cryptographic systems and the simulation of an urban scenario.

The remainder of this paper is organized as follows: Section 2 presents a high-level view of the proposed security model for mutual authentication in VANETs’ untrusted domains; the main components of the proposed architecture are described in Section 3. Section 4 analyses the adoption of the proposed security protocols in the v2v and v2i scenarios. In Section 5 a qualitative evaluation of the proposed protocols’ implementation in vehicular communications is presented. Section 6 reviews state-of-the-art approaches to VANET security and authentication, and finally Section 7 highlights the concluding remarks and points out future research directions.

2. Security Model for VANETs

In the current state of the art, implementing secure service access in vehicular networks assumes that vehicles are able to run cryptographic protocols and that the authentication process is capable of validating X.509v3 (Housley, Polk, Ford, & Solo, 2002) digital certificates issued by valid Public Key Infrastructures (PKI). Up to now, research proposals (Plossl, Nowey, & Mletzko, 2006; Raya & Hubaux, 2007; Liu, Fang, & Shi, 2007) have envisioned a wide range of certification authorities (CAs) acting as trusted third parties within regional scopes, as shown in Figure 2.
