
4.2 Certificate Distribution

4.2.1 Pseudonym Certificate Distribution

The basic mechanisms of standardized PSC distribution have been introduced in Section 2.2.4.3. However, prior work has not studied the individual influences of the dedicated sub-mechanisms of the overall PSC dissemination algorithm. Moreover, several details of the standardized algorithm show ambiguities, as outlined in the following. Topics covered in this section are partly covered by prior work of the author in [32]³.

³ Contribution of co-authors mainly relates to implementation of considered traffic scenarios and parts of the considered set of PSC distribution mechanisms within the simulation environment. The main contribution is from the author of this work.

In general, the standardized PSC distribution algorithm can be separated into three distinct sub-mechanisms, which are

1. Neighborhood-aware PSC emission, which can be regarded as an implicit request scheme, i.e., each message serves as an implicit request to respond by including a PSC in case the sender is found to be a new neighbor. Two variants of this mechanism can be used, which are

(a) an unsecured variant, which detects a new neighbor also based on unverified messages not including a PSC, and

(b) a secured variant, which detects a new neighbor only based on a message that could be verified, i.e., it included all certificates required for its validation.

ETSI ITS and WAVE standards use variant no. 1a [125, 176].

2. Explicit requests are used via an optional and variable length list of requested certificates. This list is included on-demand in the security envelope. The maximum number of entries is limited to six in both ETSI ITS and WAVE [125, 176]. Requests for both PSCs and AACs may be present. However, there is hardly any comment on how to manage this list within the standards and prior work has also not looked at this aspect in detail. The main question is how to remove entries from the list. This problem can be separated into two main aspects as follows.

(a) How to handle situations in which more unknown PSCs should be requested than there are free entries in the list? One can either

i. drop new entries in case the list is full,

ii. buffer new entries in a second, longer list and keep existing entries, or

iii. maintain the list in a first in first out (FIFO) manner, i.e., a new entry replaces the oldest one.

(b) How often should a request be sent? The choices include

i. including a request only once (remove after sending), or

ii. repeating a request. Multiple possibilities exist for this strategy, including

A. repeating until the request gets answered, or

B. repeating for a fixed time (remove by timeout), or

C. repeating for a fixed number of requests, or

D. a combination of no. 2(b)iiB and 2(b)iiC.

Strategy no. 2(b)iiA is not recommended in VANETs, because of typically high node mobility and limited communication ranges. This leads to situations in which only a single packet is exchanged between two nodes. Such situations can lead to an unlimited repetition of explicit requests, which causes pure overhead.

3. Cyclic PSC distribution includes a PSC after a timeout elapsed, e.g., after the PSC has not been included during the last second by some other mechanism [125].
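The list-management choices from item 2, as an added example that is not code from the thesis or from any standard: a request list capped at six entries with a selectable overflow policy (2(a)i to iii) and removal by repeat count combined with timeout (2(b)iiD). The class, its parameter names and the `psc-N` identifiers are constructed for illustration.

```python
from collections import deque

MAX_ENTRIES = 6  # per-message limit the section cites for ETSI ITS and WAVE

class RequestList:
    """Hypothetical model of the explicit request list; names are illustrative."""
    def __init__(self, overflow="fifo", max_repeats=3, timeout=1.0):
        self.overflow = overflow        # 2(a): "drop", "buffer" or "fifo"
        self.max_repeats = max_repeats  # 2(b)iiC; 1 gives one-time requests, 2(b)i
        self.timeout = timeout          # 2(b)iiB, in seconds
        self.active = {}                # cert id -> [time added, times sent]
        self.backlog = deque()          # second, longer list for "buffer"

    def add(self, cert_id, now):
        """Record an unknown certificate; "drop" discards it while the list is full."""
        if cert_id in self.active or cert_id in self.backlog:
            return
        if len(self.active) < MAX_ENTRIES:
            self.active[cert_id] = [now, 0]
        elif self.overflow == "fifo":
            del self.active[next(iter(self.active))]  # replace the oldest entry
            self.active[cert_id] = [now, 0]
        elif self.overflow == "buffer":
            self.backlog.append(cert_id)

    def answered(self, cert_id):
        """The certificate arrived, so stop requesting it."""
        self.active.pop(cert_id, None)
        if cert_id in self.backlog:
            self.backlog.remove(cert_id)

    def for_next_message(self, now):
        """Expire entries (2(b)iiD), refill from the backlog, return ids to send."""
        for cid, (added, sent) in list(self.active.items()):
            if sent >= self.max_repeats or now - added > self.timeout:
                del self.active[cid]
        while self.backlog and len(self.active) < MAX_ENTRIES:
            self.active[self.backlog.popleft()] = [now, 0]
        for entry in self.active.values():
            entry[1] += 1
        return list(self.active)

def demo():
    """Eight constructed ids arrive at once; compare the three overflow policies."""
    out = {}
    for policy in ("drop", "buffer", "fifo"):
        rl = RequestList(overflow=policy, max_repeats=2)
        for i in range(8):
            rl.add(f"psc-{i}", now=0.0)
        out[policy] = [rl.for_next_message(now=0.1 * k) for k in range(1, 5)]
    return out
```

Because every entry leaves the list after `max_repeats` transmissions or `timeout` seconds, a request that is never answered cannot repeat without bound, which is the problem noted for strategy no. 2(b)iiA.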

To evaluate the different possibilities to create a standard-conforming PSC distribution strategy, a freeway and an urban roundabout scenario are considered. For details about these scenarios see Section 3.2. In both scenarios all of the following PSC dissemination strategies are considered:

1. ETSI ITS based PSC emission (see also Section 2.2.4.3) with repeated explicit requests,

2. no. 1 without repeated explicit requests, i.e., onetime requests,

3. no. 1 without unsecured implicit requests,

4. no. 2 without unsecured implicit requests,

5. no. 1 without any implicit requests,

6. no. 2 without any implicit requests,

7. no. 3 without any explicit requests, i.e., only secured implicit requests.

The above given numbering scheme is used to refer to the individual strategies in the remainder of this section.

Approach no. 7 is the only sporadic PSC emission scheme that does not need to use any data from a message whose digital signature cannot be checked due to unavailability of the sender’s PSC. Thus, an attacker without access to valid ITS credentials cannot influence this PSC dissemination scheme. In contrast, this is possible for proposals no. 1 to 6. The DoS-style attack on PSC dissemination from Section 5.1.1 misuses this property.
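The dependence on unverified input described above, as an added example (not code from the thesis or from any standard): a simplified receiver model that counts the reactions scheduled by messages whose signature could not be checked, for each of the strategies no. 1 to 7. The `Strategy` fields, the action names and the trace are constructed; the model also assumes that an explicit request is queued whenever an unverifiable message from an unknown signer arrives.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Strategy:
    implicit: str  # "unsecured" (variant 1a), "secured" (1b) or "none"
    explicit: str  # "repeated", "once" or "none"

# Strategies no. 1 to 7 as enumerated in this section.
STRATEGIES = {
    1: Strategy("unsecured", "repeated"), 2: Strategy("unsecured", "once"),
    3: Strategy("secured", "repeated"),   4: Strategy("secured", "once"),
    5: Strategy("none", "repeated"),      6: Strategy("none", "once"),
    7: Strategy("secured", "none"),
}

def react(s, signer, verified, known):
    """Actions one incoming message schedules at the receiver (simplified model)."""
    actions = set()
    if signer in known:
        return actions                       # already a neighbor, nothing to do
    if verified:
        known.add(signer)
        if s.implicit != "none":
            actions.add("attach_own_psc")    # implicit request, both variants
    else:
        if s.implicit == "unsecured":
            known.add(signer)                # neighbor detected from unverified data
            actions.add("attach_own_psc")
        if s.explicit != "none":
            actions.add("request_psc_" + s.explicit)
    return actions

def unauthenticated_triggers(strategy_no, messages):
    """Count actions caused only by messages whose signature could not be checked."""
    s, known, count = STRATEGIES[strategy_no], set(), 0
    for signer, verified in messages:
        actions = react(s, signer, verified, known)
        if not verified:
            count += len(actions)
    return count

# Constructed trace: (claimed signer id, signature verified at the receiver?)
TRACE = [("veh-A", True), ("veh-B", False), ("veh-B", True),
         ("unk-1", False), ("unk-2", False)]

def summary():
    """Map each strategy number to its count of unauthenticated triggers."""
    return {n: unauthenticated_triggers(n, TRACE) for n in STRATEGIES}
```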

The core aim of implicit and explicit PSC request schemes is to minimize cryptographic packet loss by enabling fast mutual authentication between new neighbors. Hence, an evaluation considering the extent of cryptographic packet loss in two different traffic scenarios in the presence of PSC request schemes no. 1 to 7 is provided in the following.

Evaluation results for the freeway scenario (see also Section 3.2) are illustrated in Figure 4.3. The displayed values clearly show that approach no. 1 outperforms its counterparts, as it yields the lowest message discarding rate, i.e., cryptographic packet loss, for all traffic densities. The provided error bars in Figure 4.3 represent the standard deviation, as calculated from collected measurement values. Lower values of the node interval lead to increased traffic density. Hence, the traffic density increases in Figure 4.3 from the left to the right.

One can clearly see an increase in the message discarding ratio caused by disabling the unsecured implicit PSC request mechanism (no. 3 vs. no. 1 and no. 4 vs. no. 2). Completely disabling implicit requests further decreases system performance, as exhibited by results for no. 5 vs. no. 3 and no. 6 vs. no. 4. The only scheme which is able to completely avoid cryptographic packet loss by design is an always-include strategy. However, the channel load caused by that strategy has been found to be much too high in prior work, see e.g., [133, 135]. Schemes no. 1 to 7 are found to not show a statistically significant difference in regard to caused channel load. Hence, no details about this metric are given here.

[Figure 4.3: Cryptographic packet loss in the freeway scenario. Axes: dropped messages per second over vehicle interval [s]; legend entries 1 to 7.]

Measurement results for the roundabout scenario (see also Section 3.2) are given in Figure 4.4. In general, results for the roundabout scenario are pretty similar to the ones of the freeway scenario discussed before. However, one can see from the comparison of both scenarios that the much lower traffic density also leads to a significant decrease in the number of discarded messages per second.

[Figure 4.4: Cryptographic packet loss in a roundabout scenario. Axes: dropped messages per second over vehicle interval [s]; legend entries 1 to 7.]

All obtained results show that strategy no. 7 leads to the worst system performance in comparison to the other considered approaches. Thus, the results show a significant dependence of effective PSC dissemination on using unverified information, i.e., unsecured requests. Hence, disabling this mechanism to guard the system from attacks leads to significant system performance degradation in ordinary (i.e., non-attacked) use cases.

Moreover, the evaluation results show that strategy no. 1 leads to the lowest amount of cryptographic packet loss. Furthermore, the small standard deviations of the measured values illustrate the dependability of the mechanism. Hence, usage of a combination of unsecured implicit and repeated explicit PSC requests is recommended for ETSI ITS.