Binary Hash Tree based Certificate Access Management for Connected Vehicles (BCAM)
- 1. Binary Hash Tree based Certificate Access Management for Connected Vehicles (BCAM)
Virendra Kumar, Jonathan Petit, William Whyte
- 9. Encrypted Batches of Certificates
[Figure: a numbered grid of encrypted certificate batches, 1, 2, 3, … n.]
- 12. Day 1: No Revocation
[Figure: 8-leaf binary hash tree. The root holds the seed; each node is labelled by its path bits (0, 1; 00, 01, 10, 11; 000 … 111) and the leaves are vehicles 0 … 7. Legend: published node, derived node. With nothing revoked only the seed is published; every other key is derived from it.]
- 13. Day 2: Vehicles 2, 4, 5 Revoked
[Figure: the same 8-leaf tree with leaves 2, 4 and 5 marked revoked. The root and every other ancestor of a revoked leaf (0, 1, 01, 10) is withheld; the published nodes are 00, 11 and 011, and the remaining keys are derived from those. Legend: published node, derived node, revoked node.]
- 14. Pathological: Every Other Vehicle Revoked
[Figure: the same 8-leaf tree with every other leaf revoked. No internal node is free of revoked leaves, so each of the n/2 surviving leaves has to be published on its own. Legend: published node, derived node, revoked node.]
- 15. Binary Tree Encoding
Two straightforward encodings of the published set (n: number of leaf-nodes, r: number of revoked vehicles, 1 ≤ r ≤ n/2):
Unique index of each published node
  Size: r * log2(n/r) * (log2(n) + 1) bits (about r * log2(n/r) published nodes, log2(n) + 1 bits each)
  Decoding time: same as searching the list of published nodes
Unique index of each revoked leaf node
  Size: r * log2(n) bits
  Decoding time: no efficient algorithm known
Can we get the best of both worlds?
- 16. A New Algorithm for Full Binary Trees
Observations:
1. Topology is known, so we only need to say which nodes are published and which are omitted.
2. The subtree of a published node can be ignored without any loss of information (all of its keys are derived).
Encoding:
1. Start from the root with an empty string.
2. Do a breadth-first traversal:
   1. Append 0 for a revoked node (one whose subtree contains a revoked vehicle, so its key is withheld).
   2. Append 1 for a published node.
   3. Do nothing for a derived node.
Example (Day 2 tree, vehicles 2, 4, 5 revoked), one group of bits per level:
  level 0: 0
  level 1: 0 0
  level 2: 1 0 0 1
  level 3: 0 1 0 0
Encoded string: 0 00 1001 0100
Published nodes (numbered 1, 2, 3 in breadth-first order): 00, 11, 011
Disclaimer: Authors are not aware of any prior art with equivalent encoding sizes and decoding times.
- 17. A New Algorithm for Full Binary Trees Contd.
Decoding:
1. Start from the root and process one level at a time.
2. At every level, look at the bit of interest:
   1. If 0, go to the next level.
   2. If 1, output the number of 1s so far (this bit included) and stop; that is the index of the vehicle's published ancestor in breadth-first order.
Rules for going to the next level:
1. # bits before = 2 * (# 0s in bits before the bit of interest)
2. Add 1 to (# bits before) if the next bit of the vehicle ID is 1.
3. # bits after = 2 * (# 0s in bits after the bit of interest)
4. Add 1 to (# bits after) if the next bit of the vehicle ID is 0.
Example (vehicle 3, ID 011), encoding 0 00 1001 0100:
  Level 0, bits 0: # bits before bit of interest: 0, # bits after: 0. Bit is 0, go on.
  Level 1, bits 00: next ID bit 0, so before: 0, after: 1. Bit is 0, go on.
  Level 2, bits 1001: next ID bit 1, so before: 1, after: 2. Bit is 0, go on.
  Level 3, bits 0100: next ID bit 1, so before: 1, after: 2. Bit is 1, stop.
  Output: 3 (the 1s seen so far are nodes 00 and 11 on level 2 and this one), i.e. published node 011.
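Worked example, added here and not part of the authors' slides: a Python implementation of the breadth-first encoding from slide 16 and the level-by-level decoding from slide 17, run on the Day 2 tree (vehicles 2, 4, 5 revoked) and on the pathological tree. The slides specify only the topology and the bit encoding, so the child-key derivation (SHA-256 of the parent key and the child bit), the seed value, and all function names are assumptions made for illustration. The last function reproduces slide 18's size estimates so the "about 20 times smaller" figure can be checked.

```python
import hashlib
import math

def has_revoked_leaf(label, depth, revoked):
    """True if the subtree under node `label` ("" = root, else its path bits)
    holds a revoked leaf. Leaf i carries the depth-bit binary label of i, so a
    subtree covers a contiguous range of leaf numbers."""
    shift = depth - len(label)
    lo = (int(label, 2) << shift) if label else 0
    return any(lo <= leaf < lo + (1 << shift) for leaf in revoked)

def encode(depth, revoked):
    """Breadth-first encoding (slide 16): 0 for a node whose key is withheld
    because a revoked leaf lies below it, 1 for a published node, nothing for
    derived nodes (a published node's subtree is never visited). Returns the
    encoding with one group per level and the published labels in BFS order."""
    revoked = set(revoked)
    levels, published, frontier = [], [], [""]
    while frontier:
        bits, next_frontier = [], []
        for label in frontier:
            if has_revoked_leaf(label, depth, revoked):
                bits.append("0")
                if len(label) < depth:          # a revoked leaf has no children
                    next_frontier += [label + "0", label + "1"]
            else:
                bits.append("1")
                published.append(label)
        levels.append("".join(bits))
        frontier = next_frontier
    return " ".join(levels), published

def decode(encoding, vehicle_id, depth):
    """Level-by-level decoding (slide 17): track only how many bits sit before
    and after the bit of interest, updated from the 0-counts on the current
    level and the vehicle's next ID bit. Returns the 1-based BFS index of the
    published node covering the vehicle (the number of 1s seen so far, the
    hit included), or None if the vehicle is revoked."""
    levels = encoding.split()
    id_bits = format(vehicle_id, f"0{depth}b")
    before = after = ones = 0                   # ones: 1s on levels already passed
    for lvl, bits in enumerate(levels):
        if len(bits) != before + 1 + after:
            raise ValueError(f"malformed encoding at level {lvl}")
        pos = before
        if bits[pos] == "1":
            return ones + bits[:pos + 1].count("1")
        if lvl == depth:
            return None                         # bit of interest is a revoked leaf
        ones += bits.count("1")
        nxt = id_bits[lvl]                      # next ID bit picks left or right child
        before = 2 * bits[:pos].count("0") + (nxt == "1")
        after = 2 * bits[pos + 1:].count("0") + (nxt == "0")
    raise ValueError("encoding ended before reaching a leaf")

def derive_child(parent_key, bit):
    """ASSUMED one-way child derivation; the slides do not specify one."""
    return hashlib.sha256(parent_key + bit.encode()).digest()

def node_key(seed, label):
    """Key of any node, derived from the root seed along its path bits."""
    key = seed
    for bit in label:
        key = derive_child(key, bit)
    return key

def vehicle_leaf_key(encoding, published_keys, vehicle_id, depth):
    """Vehicle side: decode to find its published ancestor, then derive down to
    its own leaf. published_keys is [(label, key), ...] in the encoding's BFS
    order. A revoked vehicle has no published ancestor and gets None."""
    idx = decode(encoding, vehicle_id, depth)
    if idx is None:
        return None
    label, key = published_keys[idx - 1]
    id_bits = format(vehicle_id, f"0{depth}b")
    assert id_bits.startswith(label)
    for bit in id_bits[len(label):]:
        key = derive_child(key, bit)
    return key

def size_estimates(log2n, r):
    """Slide 18's sizes in bits for n = 2**log2n leaves and r revocations:
    (this encoding, unique index of each published node)."""
    per_revocation = log2n - math.log2(r)       # log2(n/r)
    return 2 * r * per_revocation, r * per_revocation * (log2n + 1)

if __name__ == "__main__":
    DEPTH, REVOKED = 3, {2, 4, 5}               # Day 2 tree from the slides
    SEED = b"constructed example seed"          # constructed, not a CA's seed
    enc, pub = encode(DEPTH, REVOKED)
    keys = [(label, node_key(SEED, label)) for label in pub]
    print(enc, pub)                             # 0 00 1001 0100 ['00', '11', '011']
    for v in range(1 << DEPTH):
        print(v, decode(enc, v, DEPTH), vehicle_leaf_key(enc, keys, v, DEPTH) is not None)
```

The decoder never materialises the tree: per level it keeps two counters and reads one group of bits, which is what makes the queue-size bound on slide 18 possible. Note that `decode` returns an index into the published list, so the vehicle still needs the published keys delivered in the same breadth-first order as the encoding.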
- 18. Efficiency of Encoding Algorithm
Encoding size
– # published nodes ≈ # revoked (withheld) nodes, i.e. the encoding has roughly the same number of 0s and 1s.
– Size ≈ 2 * r * log2(n/r)
– For n = 2^40, r = 1,000, the encoding takes less than 1% of the full packet, i.e. it is about 20 times smaller than using the unique index of each published node.
Decoding time
– Breadth-first, but queue size ≤ r.
– For n = 2^40, r = 10,000, a consumer laptop (2.7 GHz Intel Core i7, 16 GB RAM) decodes in less than 3 milliseconds on average.
n: number of leaf-nodes, r: number of revoked vehicles, 1 ≤ r ≤ n/2
- 19. “Not all compromises are created equal.”
Software compromise
– Can be easily replicated and spread quickly
– Can be easily fixed by over-the-air updates
– Attack can be distributed over the Internet, requiring less effort and resources
Hardware compromise
– Most likely requires specialized hardware
– Most likely needs replacement of the hardware
– Most likely requires a lot of effort and resources
- 20. “So, we treat them differently.”
Software compromise → “soft revocation list” (SRL): a bitmap with one bit per vehicle, indexed 0, 1, 2, 3, … [Figure: the bitmap, almost all 0s with a few bits set to 1.]
A compromised vehicle is put on the SRL first, by flipping its bit.
If a vehicle on the SRL continues to misbehave, it is “hard” revoked via the binary tree approach.
- 21. Conclusion
Positives
– No need for bidirectional connectivity for certificate download
– Revocation enforced at the sender
  Soft/hard revocation prevents the sender from sending valid messages
  Receivers don't need to store revocation information
  Scales naturally; can handle a much higher rate of revocation than the current system
– Vehicles can be unrevoked
  Vehicles revoked in error
  Vehicles whose issues have been addressed
Negatives
– Less agile
– Longer CA lifetimes
Our belief is that the positives outweigh the negatives. We hope you feel the same.