El modelo de Alemania

The purpose of blockchain based pseudonym certificate management system is to reduce the cost of certificate generation and management. The proposed scheme could not only reduce the size of CRL and commu- nication overhead, but also reuse revoked pseudonym certificates due to the shuffling mechanism. Traditional certificate revocation schemes rec- ommend to withdraw certificates from malicious users and remove all related certificates from system, while the proposed scheme is dedicated to not waste certificates. With the nature of shuffling system, the revoked certificates could be collected and re-distributed to other areas.

In the proposed scheme, malicious vehicles will be withdrawn all given related certificates and certificate revocation list will be broadcasted in its area and surrounding neighbour areas for a fixed of time duration.

VCS Using Distributed Digital Ledger

Because of the CRL, all road users within the network know that mes- sages sent from certificates in CRL are not trusted. In addition to the certain geographical CRL distribution, the communication overhead is much less compared with conventional broadcast CRL to every single nodes in the network. So this mechanism could prevent malicious vehi- cles from launching attacks on road users. Even malicious vehicles want to travel to different locations to continue attack, adjacent area privacy managers knows their movement beforehand once they try to request new pseudonym certificates. Otherwise, malicious vehicles have no valid certificates to use in the communication network.

Each certificate in the certificate revocation list has the expire time. After the expire time, these certificates will be collected and removed from CRL by PKI. PKI waits for the next available time for shuffling, and uploads these certificates to the blockchain network. Because of the shuf- fling mechanism, all shuffling certificates will not be distributed back to transaction sender, which means these certificates will not be sent back to the same privacy manager and area where it was from before certificates got revoked. As a result, revoked pseudonym certificates can be treated as fresh pseudonym and used again in different areas. In the mean time, PKI keeps fully record about the movement of these pseudonym certifi- cates.

6.3

Summary

To summary, this chapter introduced a blockchain based certificate revo- cation scheme in order to prevent from insider attacks in VCS and reduce the communication overhead. The proposed scheme used blockchain

VCS Using Distributed Digital Ledger

technique to provide a distributed and decentralised certificate manage- ment system that inherited from the pseudonym management system in Chapter 5. As a result, the proposed system allows PKI to have a timely update mapping table to track the ownership of every pseudonym set and to distribute in an efficient manner. Based on the total processing time, updating mapping table can be operated in every 5 seconds. In ad- dition, an efficient accountability report mechanism is embed with other message service to minimise communication overhead. Two levels in VCS have been discussed, infrastructure level and vehicle level respec- tively. The CRL size has been studied compared with original X.509 and optimised version of X.509. The results show that the blockchain based scheme is able to efficiently compress the size of CRL, resulting almost 12.5 % CRL size of conventional X.509. Secondly, the Blockchain based certificate revocation scheme reduces one-third of the message overheads comparing to the X.509 based schemes among the infrastructure level. Since the blockchain structure provides a distributed structure, the pro- posed scheme achieves more efficiency and more robustness. The results of message overheads between certificate revocation scheme demonstrate the blockchain based system reduce the message communication burden by minimising the overall number of broadcast messages.

Chapter 7

Conclusion and Future Work

This chapter concludes the main contributions of the thesis. The future work is discussed in detail after the conclusion.

7.1

Conclusion

In vehicular communication system, pseudonyms are used to preserve identity and location privacy. This thesis investigates challenges of using pseudonyms and presents novel solutions. The main contributions of this research are summarised as follows:

In Chapter 4, a Cooperative Pseudonym Change scheme (CPCS) is proposed for preserving privacy in VCS. In CPCS, it takes the traditional VCS network as system model, which CA is the central manager on top level, RSU is acting as more than just access point and vehicles locates on the bottom. Butterfly key expansion is used for pseudonym certificate generation and CA would dynamically distribute pseudonyms to RSUs based on the traffic flow of different regions. The RSU plays an important role in CPCS, which not only relays messages between CA and vehicles, but also assists similar context vehicles to change pseudonym simulta- neously. Vehicles have two approaches for pseudonym changing. One is

periodically change pseudonyms from its pre-loaded pseudonym pool in the OBU. In addition, vehicles will be required to change pseudonym in the mix zone if they have enough surrounding neighbours. The results of evaluation are carried out by using simulation tools OMNET++ and Sumo. CPCS has achieved nearly 20 % more anonymity set size in light traffic congestion compared with the benchmark. In addition, the en- tropy, degree of anonymity and successful tracking ratio have also been studied to get the insight of different privacy metrics evaluate privacy preserving schemes.

In Chapter 5, a Decentralised Pseudonym Management System (DPMS) using distributed digital ledger is proposed for recycling pseudonym certificates in VCS. Since Chapter 4 provides a solution of pseudonym changing in vehicles, the problem of mass pseudonym certificates pro- duction still remains. Especially, the proposed method needs a large amount of pseudonym in total. In order to alleviate the communication burden, DPMS has adopted the traditional VCS system model by intro- ducing privacy managers (PM) and placing them between CA and RSU. Unlike the traditional VCS network system, CA in DPMS only involves at the registration stage and when malicious behaviours occur, and PM network manages pseudonym certificates most of the time. To ease the difficulty in managing millions of pseudonym certificates, DPMS has included the consensus mechanism of blockchain to provide fully ran- dom and distributed pseudonym shuffling so that all pseudonyms can be reused. In addition, the blockchain technique also provides more ro- bustness and resilience for the decentralised and distributed system. As a result, the adopted private blockchain system has achieved cost-efficient pseudonym management. Furthermore, DPMS extends the function of CPCS by adding the virtual mix zone to provide more places for vehicles

changing pseudonyms. For the results evaluation, Chapter 5 discussed several types of vehicle privacy attacks and defence measures that are en- abled by our proposed blockchain-based system. Meanwhile the simu- lated pseudonym reuse frequency, total amount of pseudonym consump- tion and delivery rate corroborate that our proposed scheme can be used in connected vehicular networks and that it could significantly reduce the cost of pseudonym related generation and maintenance of credentials. The total pseudonym usage for 3 days of the proposed scheme could save nearly 90 % compared with ESTI recommended standards. In ad- dition, a total process time is computed which shows that our scheme is capable of performing pseudonym shuffling with over 1, 000 blockchain transactions in 2 seconds.

In Chapter 6, a Distributed Pseudonym Certificate Revocation Scheme (DPCRS) is proposed as an extension for certificate management based on previous Decentralised Pseudonym Management System. Since DPMS system provides a framework that pseudonym certificates shuffling mech- anism, DPCRS proposes a novel certificate revocation system to prevent from insider attacks and reduce the communication overhead. The pro- posed system allows PKI to have a timely update mapping table to track the ownership of every pseudonym set and to distribute in an efficient manner. In addition, an efficient accountability report mechanism is em- bed with other message service to minimise communication overhead. The CRL size has been studied compared with original X.509 and op- timised version of X.509. The results show that the blockchain based scheme is able to efficiently compress the size of CRL, resulting nearly 12.5 % CRL size of conventional X.509. Secondly, we compare the overall message handshake procedures with traditional revocation scheme at in- frastructure level, saving 33.3 % message overheads. Since the blockchain

structure provides a distributed structure, the proposed scheme achieves more efficiency and more robustness. Finally, we discussed the system could release all the revoked pseudonym certificates back to the network using shuffle mechanism so it could save the cost of pseudonym certifi- cate generation and minimise the difficulty of certificate management.