Efficient CRL search in vehicular network PKIS

We investigate privacy-preserving Public-Key Infrastructures (PKIs) with additional security, privacy, and performance requirements meant to support vehicular networks. While conventional PKIs are a cornerstone for identity management in certain security applications, they do not offer the privacy properties that vehicular networks demand. Over the last few years, there have been efforts to generalize conventional PKIs to meet these new privacy and security demands. One particular example is the class of multiple certificate PKIs where each vehicle is given multiple short-lived and anonymous certificates that can function as credentials until the vehicle is due for, say, the next inspection or dealership visit. While such PKIs offer attractive security and privacy properties, achieving acceptable performance has remained an open problem thus questioning their practicality.

In this paper, we formally define and investigate the efficient certificate revocation list (CRL) search problem for multiple certificate PKIs, which asks whether it is possible to efficiently test CRL membership of a given certificate in the same order of computational complexity as in conventional PKIs (that is, by a simple and fast binary search over the set of revoked PKI members). Any solution to this problem is of particular interest when it does not introduce unacceptable compromises on other important properties such as security and privacy. We start by formally defining vehicular networks and a number of security, privacy and performance requirements for them. Then we demonstrate that for PKIs based on general classes of efficient algorithms, containing binary search over totally ordered sets and approximate nearest neighbor search over metric spaces, a solution to the efficient CRL search problem can be used to violate privacy. Finally, we present and analyze new solutions that simultaneously solve the efficient cRL search problem and satisfy privacy requirements by allowing all vehicles to locally (i.e., with minimal help from the CA) and consistently (i.e., with the same results across all vehicles) manage their CRLs. Using these ideas, we can maintain security and privacy properties while reducing the CRL membership testing time to logarithmic in the number of revoked vehicles, which is essentially the same performance that one obtains with conventional PKIs where privacy is not required.