Abstract

Certificate revocation is a challenging task, especiallyin mobile network environments such as vehicular ad Hoc networks (VANETs).According to the IEEE 1609.2 security standard for VANETs, public keyinfrastructure (PKI) will provide this functionality by means of certificate revocation lists (CRLs).When a certificate authority (CA)needs to revoke a certificate, itglobally distributes CRLs.Transmitting these lists pose a problem as they require high update frequencies and a lot of bandwidth. In this article, we propose BECSI, aBandwidth Efficient Certificate Status Informationmechanism to efficiently distributecertificate status information (CSI) in VANETs.By means of Merkle hash trees (MHT), BECSI allowsto retrieve authenticated CSI not onlyfrom the infrastructure but also from vehicles actingas mobile repositories.Since these MHTs are significantly smaller than the CRLs, BECSIreduces the load on the CSI repositories and improves the response time for the vehicles.Additionally, BECSI improves the freshness of the CSIby combining the use of delta-CRLs with MHTs.Thus, vehicles that have cached the most current CRLcan download delta-CRLs to have a complete list of revoked certificates.Once a vehicle has the whole list of revoked certificates, it can act as mobile repository.