Certificate Revocation Schemes in IOV/VANET David Buari Interim Report for the Master of Science in 5G and Future Generation Communication Systems from The University of Surrey Department of Electronic Engineering Faculty of Engineering and Physical Sciences University of Surrey Guildford, Surrey, GU2 7XH, UK May 2022 Supervised by: Dr Haitham Cruickshank ©David Buari 2023 DECLARATION OF ORIGINALITY I attest that the project dissertation I'm presenting is 100% original work of mine, and that any information taken from outside sources has been appropriately cited and acknowledged. I certify that my work does not violate the university's plagiarism policies as outlined in the Student Handbook by submitting this final version of my report to the JISC anti-plagiarism software resource. In doing so, I also agree that I may be held accountable for any instances of uncited work uncovered by the project examiner or project organizer, as well as by the JISC anti-plagiarism software. I am also aware that if a plagiarism charge is proven true in an Academic Misconduct Hearing, I could lose all of the credit for this module or face a harsher punishment severe penalty may be agreed. MSc Dissertation Title Certificate revocation schemes in IOV/VANETs Author Name David Buari Author Signature Date: 17/05/23 Supervisor’s name: Dr Haitham Cruickshank 2 WORD COUNT Number of Pages: 37 Number of Words: 3 7760 ABSTRACT The convergence of modern information and communication technology (ICT) and tran sportation has paved the way for the development of intelligent transportation systems (I TS) to improve performance, safety and security. At ITS Vehicle Private Networks (VA NETs) play an important role in enabling communication between vehicles and househo ld appliances. However, ensuring secure and reliable communication in VANETs is a ch allenge due to the complexity of the network and the need for security mechanisms. Cer tificate revocation emerged as a solution to security vulnerabilities. This research projec t aims to analyze the current certification removal process in VANET and propose new i deas to improve its effectiveness and efficiency. The interim report provides an indepth review of the background, cryptographic algorithms, network environment model, outli nes the objectives and approach to the rest of the project, and discusses actions that are i mportant.. Keywords: ICT, transport infrastructure, intelligent transportation systems, VANETs, security, certificate revocation, cryptographic algorithms, network modeling. 4 ACKNOWLEDGMENTS First and foremost, I extend my deepest gratitude to my advisor, Dr Haitham Cruickshank, for their constant support, invaluable guidance, and constructive feedback throughout the duration of this research project. Their expert advice has been instrumental in shaping this thesis into a scholarly work. I am equally grateful to the members of my thesis committee for their insightful comments and suggestions, which have significantly contributed to the quality and rigor of this research. I would also like to thank the entire faculty of the Department of Electronic Engineering Faculty of Engineering and Physical Sciences University of Surrey for creating an environment conducive to academic growth and excellence. Special thanks go to my colleagues and lab mates, whose camaraderie made the long hours spent on research and simulations not only bearable but enjoyable. Their perspectives and criticisms were instrumental in overcoming various difficulties that arose during the course of the project. Finally, I cannot close this post without expressing my sincere gratitude to my family and friends. Your unwavering support and encouragement has been a great source of strength for me as I go through the twists and turns of a long and difficult journey. Their faith in me was very important, and for that I am eternally grateful. 5 TABLE OF CONTENTS DECLARATION OF ORIGINALITY ...................................................................................... 2 WORD COUNT......................................................................................................................... 3 ABSTRACT............................................................................................................................... 4 ACKNOWLEDGEMENTS ....................................................................................................... 4 1. INTRODUCTION ............................................................................................................ 7 1.1 VANETs and ITS .......................................................................................................... 11 1.2 Security Challenges in VANETs ................................................................................... 12 1.2.1. Trust and Authentication: ...................................................................................... 12 1.2.2. Privacy Preservation:............................................................................................. 12 1.2.3. Message Integrity and Confidentiality: ................................................................. 13 1.3 Scope and Objectives..................................................................................................... 13 1.3.1 Review of Background Theory .............................................................................. 13 1.3.2 Analysis of Cryptographic Algorithms for Authentication and Revocation .......... 13 1.3.3 Evaluation of Network Modeling Environments ................................................... 14 1.3.4 Proposal of Novel Approaches to Certificate Revocation ...................................... 14 1.3.5 Validation and Benchmarking of Proposed Approaches ....................................... 14 1.4 Milestones and Progress ................................................................................................ 15 1.4.1 Background Theory Review................................................................................... 15 1.4.2 Analysis of Cryptographic Algorithms .................................................................. 15 1.4.3 Evaluation of Network Modeling Environments ................................................... 15 1.4.4 Proposal of Novel Approaches ............................................................................... 16 1.4.5 Validation and Benchmarking ................................................................................ 16 1.5 Scope of Interim Report ................................................................................................ 16 2. BACKGROUND THEORY AND LITERATURE REVIEW........................................ 17 2.1. Summary....................................................................................................................... 24 6 3. TECHICAL CHAPTER....................................................................................................... 25 3.1. Methodology................................................................................................................. 25 3.2. Framework Design and Implementation: ..................................................................... 25 3.3. Experimentation and Data Collection …………………………………………………26 3. Finding and Conclusion: ............................................................................................... 29 References ................................................................................................................................ 30 APPENDIX 1 - WORK PLAN ................................................................................................ 32 APPENDIX 2 TRAINING SUMMARY ................................................................................. 33 APPENDIX 3 Key Terms ........................................................................................................ 35 7 LIST OF FIGURES Figure 1. Life cycle of Pseudonym 09 Figure 2. ETSI MISBEHAVIOR REPORTING USE CASE 12 Figure 3. VANET System architecture 18 Figure 4. The structure of blocks in Blockchain 19 Figure 5. Different scopes at which detection mechanisms can operate 20. LIST OF TABLES Table 1. Comparison of Existing Certificate Management Schemes in VANET Table 2. Training Summary 32 Table 2. Key Terms 35 8 26 1: INTRODUCTION In recent years, the integration of modern information and communication technology (ICT) with transport infrastructure has given rise to the development of intelligent transportation systems (ITS). These systems aim to enhance the efficiency, safety, and security of transportation by leveraging advanced technologies. One key component of ITS is vehicular ad hoc networks (VANETs), which enable vehicles to communicate with each other and with roadside infrastructure, facilitating the exchange of critical information and enabling various applications. VANETs are wireless networks where vehicles act as mobile nodes and form a temporary network without relying on a pre-existing infrastructure. These networks enable vehicles to share information about road conditions, traffic congestion, accidents, and other relevant data, allowing for improved traffic management, collision avoidance, and overall road safety. However, ensuring secure and reliable communication in VANETs poses serious challenges due to the dynamic nature of networks and the need for robust security mechanisms. As the number of vehicles on the road increases, the problem of traffic congestion in cities becomes an urgent problem. In addition to inconvenience and lost time, road traffic accidents have dire economic consequences, resulting in global losses of approximately $500 billion per year. Even more surprising is that more than 1.35 million people die each year in traffic accidents (K. Laberto J.-C., 2008). To address these challenges, Intelligent Transportation Systems (ITS) include a Vehicle Ad Hoc Network (VANET) as a basic component. VANET allows vehicles to exchange information about road conditions and conditions via a wireless communication system, improving road safety and promoting safe driving. • Ensure safe and efficient operation: VANETs play an important role in improving road safety and efficiency. By facilitating real-time information exchange, VANETs provide drivers with valuable insights into road conditions, enabling them to make informed decisions. For example, VANETs can warn drivers of potential collisions that are beyond their line of sight, significantly reducing the risk of accidents. Additionally, VANETs contribute to the reduction of traffic congestion by monitoring traffic patterns and suggesting alternative routes, thus improving overall traffic flow and minimizing delays (P. Golle, 2014). Moreover, VANETs assist drivers by quickly responding to driver errors and prioritizing emergency vehicles like ambulances, ensuring swift and safe passage through traffic. These capabilities result in safer and more efficient transportation systems, benefiting both drivers and passengers. • VANET Architecture: The VANET architecture consists of three main components: On-Board Units (OBUs), Road-Side Units (RSUs), and a Central Authority (CA). OBUs are installed in vehicles and enable communication between vehicles (V2V) and between vehicles and infrastructure (V2I). RSUs are strategically placed along roads and act as intermediaries, providing internet connectivity and distributing updated messages from infrastructure services to vehicles. The CA is responsible for registering and maintaining OBUs and RSUs, ensuring the proper functioning of the VANET system. This architecture facilitates seamless communication and coordination among vehicles and infrastructure, forming the foundation for efficient and secure VANET operations. • Authentication in VANETs: The Need for Public Key Infrastructure (PKI): In VANETs, ensuring secure communication and protecting privacy are paramount. Basic safety messages (BSMs) are broadcasted to prevent collisions and typically contain unencrypted information, making them vulnerable to privacy attacks (Blincoe, 2003). Therefore, authentication mechanisms are essential to mitigate security risks in VANETs. Public Key Infrastructure (PKI) based authentication systems have become common in VANETs, creating pseudonym-related cryptographic candidates like pseudonym certificates. Pseudonyms are temporary identifiers that hide the real identity of vehicles while indicating their participation in the network. To maintain privacy and prevent vehicle tracking, pseudonyms should be changed frequently. 9 The life cycle of pseudonyms involves the pseudonym issuing authority (CA) validating vehicle identifiers (vids) and issuing pseudonym credentials to vehicles. Each vehicle is assigned a set of pseudonyms, often with expiry dates or validity periods, to ensure security against Sybil attacks (Communications, 2006). The Sybil attack is one of the most dangerous security threats in VANETs, where a malicious vehicle impersonates multiple identities to gain advantages or cause harm. The use of pseudonyms provides a level of anonymity, but it requires fresh pseudonyms for authentication to prevent potential forgeries and misuse of expired pseudonyms. To handle pseudonym management efficiently, VANETs have explored various approaches. Some systems pre-load vehicles with a sufficient number of pseudonyms for several years, while others periodically refill pseudonyms from the pseudonym issuer. When a vehicle misbehaves, the CA takes appropriate action by revoking its pseudonym certificates and adding them to a certificate revocation list (CRL) Security concerns in VANETs primarily arise from the vulnerability to malicious attacks and the potential risks associated with unauthorized access to sensitive information. Given the open and distributed nature of VANETs, adversaries can launch various attacks, including identity spoofing, message tampering, information disclosure, and denial of service. These attacks can compromise the safety and efficiency of the transportation system and put the lives of drivers and passengers at risk. To address these challenges, various security mechanisms have been proposed, among which certificate revocation schemes play a crucial role. Certificate revocation involves the process of invalidating or revoking digital certificates that have been compromised, expired, or are no longer trustworthy. Digital certificates are cryptographic entities that bind public keys to the identity of an entity, such as a vehicle or a roadside unit (RSU), in VANETs. By revoking certificates, the network can prevent malicious actors from impersonating legitimate vehicles and accessing sensitive information or launching attacks within the VANET environment. Certificate revocation is essential to ensure the integrity, confidentiality, and authenticity of communications in VANETs. It provides a mechanism to remove the trust placed in a compromised or unauthorized entity, protecting the overall security of the network. There are several ways to revoke a certificate in VANET. One common method is a certificate revocation list (CRL), where a trusted authority maintains a list of revoked certificates. When a vehicle or RSU receives a certificate, it checks its validity against the CRL. However, the use of CRL in VANETs can be difficult due to high vehicle mobility and frequent changes in network topology (R. Gennaro, 2006). Timely distribution of CRLs is critical to ensuring effective certificate revocation. Another approach to certificate revocation is the use of Online Certificate Status Protocol (OCSP). OCSP provides real-time checking of certificate validity by allowing a vehicle or an RSU to query a certificate authority (CA) for the status of a specific certificate. This approach offers more up-to-date information compared to CRLs but requires constant communication with the CA, which can introduce additional overhead in the network. To further enhance the efficiency and effectiveness of certificate revocation in VANETs, researchers have proposed decentralized and distributed revocation schemes. These schemes aim to distribute the certificate revocation process among vehicles and RSUs, reducing the reliance on a centralized authority. In decentralized planning, vehicles share the responsibility of maintaining and disseminating recall information, improving the scalability and resiliency of the system. An example of a decentralized revocation scheme is the Distributed Certificate Revocation System (DCRS), which uses a Distributed Hash Table (DHT) to store and distribute revocation information (Xu, 2004). In this scheme, the vehicle and RSU store revocation information in DHT, and when the vehicle needs to verify a certificate, it queries DHT for revocation status. 1.1 Background and Context Vehicle Ad Hoc Networks (VANETs) are becoming a cornerstone of the development of 10 Intelligent Transportation Systems (ITS). With increasing urban congestion and peak traffic densities exceeding 600 vehicles per square kilometer in cities like New York, VANETs serve as a technological antidote. This allows vehicles to communicate with each other (V2V) and road infrastructure (V2I) to improve road safety, optimize traffic flow and support other valueadded services. However, VANET's implementation is not without problems, especially in the areas of security and privacy. For example, consider a congested road with an average vehicle speed of 50 km/h. Introducing a malicious entity into a VANET could lead to the spread of false information such as a non-existent roadblock, vehicle rerouting, and unnecessary delays. Therefore, protecting the integrity of the network and the privacy of its users is paramount. This requires a multi-layered security approach that integrates cryptographic algorithms, secure data transfer protocols and strict privacy policies. In addition, data protection legislation such as GDPR in the European Union adds another layer of complexity to how data is collected and used. The goal of this research is to delve into these challenges by providing a comprehensive analysis of current cryptographic techniques, evaluating existing VANET models, and proposing new, more secure methods for data communication and certificate revocation in VANETs. Understanding the background and context of these challenges is critical to framing the subsequent research and analyzes in this study. 1.2 VANETs and Intelligent Transport Systems (ITS) Vehicular Ad Hoc Networks (VANETs) are specialized forms of Mobile Ad Hoc Networks (MANETs) tailored to the needs of road vehicles. These networks facilitate real-time communication between vehicles and infrastructure, aiming to improve road safety, reduce traffic congestion, and provide other value-added services. For example, in a busy intersection with an average of 70 vehicles crossing per minute, VANETs can significantly minimize collision risks by sending timely alerts about potential hazards. Intelligent Transport Systems (ITS) are broader frameworks that incorporate various technologies, including VANETs, to make transportation safer, more efficient, and more sustainable. For instance, ITS can manage real-time traffic light control systems that adapt to current traffic conditions, potentially reducing average waiting times at intersections by up to 30%. VANETs serve as the communication backbone of ITS by providing the necessary data exchange mechanisms. They enable vehicles to become "smart" entities that can make informed decisions based on real-time data. For example, in a highway scenario with a speed limit of 100 km/h, VANET-enabled vehicles could automatically adjust their speeds to avoid collisions based on real-time data from surrounding vehicles and traffic conditions. The synergy between VANETs and ITS is of particular importance given the increasing prevalence of autonomous vehicles. The complex algorithms that govern autonomous driving can be further optimized when the vehicle is aware of its environment, something made possible through VANETs. In summary, VANETs are not just a standalone technology but a critical component of larger ITS frameworks. It provides reliable realtime communication, making intelligent transportation systems truly intelligent. The goal of this study is to further explore this complex relationship, with a focus on how to make the VANET aspect of ITS as safe and efficient as possible. 1.3 Security Challenges in VANETs Security is a top priority in vehicle ad hoc networks (VANETs), which play an important role in Intelligent Transport Systems (ITS). Any breach or compromise can have serious consequences, from minor disruptions to life-threatening accidents. For example, if the network is hacked on a high-speed highway where vehicles are traveling at an average speed of 110 km/h, even a small amount of misinformation can lead to disaster. One of the major security challenges is ensuring trust and authentication. Vehicles need to be able to verify that messages they receive are from legitimate sources. Without proper authentication, a malicious actor could impersonate a vehicle or roadside unit, sending false information that could lead to accidents. For example, a compromised vehicle could send incorrect speed or location data to other vehicles, misleading their safety algorithms and causing collisions. Privacy preservation is another 11 significant issue. While it's essential for vehicles to share data for collective safety and efficiency, this data sharing should not compromise individual privacy. The network should not be able to track a vehicle's movements over extended periods, which could be used for unauthorized surveillance or data mining. Additionally, message integrity and confidentiality are very important. Data transmitted over a network must reach its destination unaltered and confidential. Changing even nonsensitive data can cause communication errors between vehicles, creating an unsafe situation. Imagine a scenario where brake warnings are spoofed. Vehicles may receive late or false warnings, making accident prevention efforts ineffective. These issues make the security aspects of VANETs a complex and multifaceted problem. The focus of this study is to ensure trust, confidentiality and data integrity while maintaining the speed and reliability required for real-time vehicle communication. Specific solutions are needed to address these issues without compromising the performance and real-time requirements of VANETs, making VANETs a rich area for academic and practical research. 1.3.1 Trust and Authentication Trust and authentication are the foundation of any secure communications system, and VANET is no exception. When the vehicle is moving at high speed (e.g. 100 km/h), the possibility of error is minimized. It is very important to ensure that messages are actually sent from trusted sources. One common approach is to issue digital certificates to each vehicle using a public key infrastructure (PKI), as modeled in the CA module of the OMNet simulation. For example, suppose a CA has a limit of issuing up to 500 certificates, and each certificate is valid for 3600 seconds. This ensures that each vehicle in the network can be authenticated within that time frame. However, the question arises about what happens when the limit is reached or certificates are revoked, which is why a robust revocation system is also necessary. 1.3.2 Privacy Preservation Privacy is another cornerstone of secure VANETs. While vehicles need to communicate critical safety messages, they should not be revealing their identity or location continuously. A compromise in privacy could lead to unauthorized tracking or even targeted attacks. The system must be designed to protect against such vulnerabilities. For example, one could implement a changing pseudonym system where each vehicle adopts a new temporary identity at regular intervals. This would make it significantly challenging to track any given vehicle over an extended period. In our simulation environment, this can be modeled by using cryptographic techniques that allow for message authentication without revealing the actual identity of the sender. 1.3.3 Message Integrity and Confidentiality The integrity of the messages being sent is non-negotiable. At speeds of 80 km/h, receiving a message even a second late or altered could be the difference between a close call and a collision. For example, if a vehicle sends a warning about hard braking, it must be understood that this message must be relayed to nearby vehicles in the same way it was sent and only authorized persons can read it. Encryption and digital signatures are commonly used to ensure message integrity and confidentiality. In the OMNet environment, this can be managed through certificate authorities and blockchain nodes, which can verify the integrity of each message using cryptographic hashes before being accepted into the network. 1.4 : Research Objectives The overarching aim of this research is to establish a comprehensive framework for securing Vehicular Ad-Hoc Networks (VANETs) through cryptographic techniques, network simulations, 12 and real-world implementation. This is broken down into several specific objectives, each serving as a pillar that contributes to the realization of the primary goal. Literature Review and Background Theory: One of the first steps is to conduct a thorough review of existing scholarly articles, papers, and methodologies related to VANETs and their security challenges. The purpose is to understand the current state of research, identify gaps, and set the stage for the contributions this project aims to make. Given the vast array of cryptographic algorithms and network configurations, a robust theoretical foundation is essential. For instance, the review will include an examination of different Certificate Authorities and their role in VANETs, focusing on how they manage certificate issuance and revocation, the very elements modeled in the OMNeT simulations. Cryptographic Algorithms for Authentication and Revocation: This objective focuses on the technical aspects of cryptographic algorithms suitable for VANETs. The aim is to evaluate the efficiency, security, and computational overhead of these algorithms. For example, the project will consider RSA and ECC as potential algorithms and will examine their impact on VANET performance using the OMNeT environment. Specific parameters like key lengths, encryption/decryption time, and certificate sizes will be considered. In the simulation, the Certificate Authority will be configured to use these algorithms and issue a maximum of 500 certificates with a validity of 3600 seconds. Evaluation of Network Modeling Environments: Choosing the right simulation environment is crucial for accurate results. OMNeT is selected for this research because of its flexibility and extensive community support. The project will validate this choice by comparing the performance, scalability, and accuracy of OMNeT with other network simulators like NS-3. The simulation's success in capturing real-world scenarios, like the issuance and revocation of certificates or blockchain verification, will serve as key performance indicators. Proposal of Novel Approaches to Certificate Revocation: A key innovation this research aims to achieve is to propose new methods of certificate revocation that are both efficient and secure. Given that the Certificate Authority in the simulation can hold up to 100 revoked certificates in its Certificate Revocation List (CRL), the research will explore alternative means to manage this limitation effectively. For example, one novel approach could be the use of blockchain technology to maintain a decentralized yet secure and tamper-evident CRL. Validation and Benchmarking of Proposed Approaches: The final step involves rigorous validation of the proposed methods. The simulation environment will be set up to mimic real-world conditions as closely as possible. For instance, the simulation will include 10 vehicles moving at speeds of 20 km/h and will evaluate how well the system performs in terms of certificate issuance, revocation, and message integrity. Measure the effectiveness of the new approach by comparing key performance metrics such as latency, throughput, and CPU utilization to existing methods. By carefully addressing these goals, this work aims to significantly contribute to the field of VANET security by providing a balanced combination of theoretical depth and practical applicability. 1.4.1 1.4.2 Literature Review and Background Theory The foundation of this research starts with an exhaustive literature review and establishing background theory. This involves poring over scholarly articles, conference papers, and existing methodologies that discuss the ins and outs of Vehicular Ad Hoc Networks (VANETs), focusing on cryptographic techniques and security paradigms. The aim is to understand the existing landscape, identify research gaps, and, more importantly, to discern what kind of cryptographic methods have been previously applied in VANETs. Given the variety of cryptographic algorithms available, a solid theoretical foundation is necessary for the rest of the research. For instance, understanding how RSA has been implemented in existing Certificate Authorities can offer insights into what can be improved or modified in the OMNeT simulation environment. Cryptographic Algorithms for Authentication and Revocation This objective is designed to scrutinize the nuts and bolts of cryptographic algorithms that can be applied to VANETs. Algorithms like RSA and ECC will be evaluated in terms of their computational overhead, security robustness, and overall efficiency. These algorithms are implemented in the OMNet simulation in the Certificate 13 1.4.3 1.4.4 1.4.5 Authority module with specific parameters such as key length set to 2048 bits for RSA and 256 bits for ECC. The goal is to not only implement, but also measure and compare performance metrics, including encryption and decryption times and certificate sizes. Network modeling framework evaluation Choosing the right modeling environment is critical to the success of your research. OMNet was chosen for its flexibility, but will be critically evaluated compared to other modeling frameworks such as NS-3. Factors such as ease of use, community support, and the ability to accurately model complex network behavior are considered. In this research, OMNeT will be used to model a VANET scenario with 10 vehicles, a Certificate Authority, and a Blockchain Node, all set to mimic real-world conditions. Proposal of Novel Approaches to Certificate Revocation One of the pivotal points of this research is to propose new methods for certificate revocation that are more efficient and secure than existing methods. The Certificate Authority in OMNeT will be programmed to use a Certificate Revocation List (CRL) that can contain up to 100 revoked certificates. New approaches, such as using a decentralized blockchain for the CRL, will be explored. Blockchain's tamper-evident and decentralized nature could offer a robust alternative to traditional CRLs, especially in a dynamic environment like VANETs. Validation and Benchmarking of Proposed Approaches The final cornerstone of this research is the validation phase. All proposed methods and algorithms are tested in a simulation environment to evaluate their feasibility. For example, OMNet simulations are tuned to reflect actual operating c onditions and network behavior. Key performance metrics such as latency and throughput are carefully recorded and analyzed. We will verify the usefulness by comparing the performance of the proposed method with existing methods. For example, the time required to revoke a certificate using a blockchain-based CRL is compared to traditional methods of measuring efficiency. Each of these goals is an integral part of our research and provides a comprehensive approach to improving the security of VANETs. 1.5: Milestones and progress This study was carefully planned to achieve its goals through a series of clearly defined steps. These milestones not only guide research, but also provide a roadmap for project implementation and completion. Each milestone is associated with one of the specific goals mentioned earlier. 1.5.1 Literature review The first phase involved a comprehensive literature review and was completed within the first 10 days of the project. This review covers over 30 research papers on VANET security, cryptographic algorithms, and network modeling frameworks. The review was instrumental in identifying gaps in the research landscape and provided valuable information in formulating the next steps of the project. 1.5.2 Cryptographic analysis The cryptanalysis took approximately 15 days and included evaluation of various cryptographic algorithms, primarily RSA and ECC. These algorithms have been tested for encryption and decryption speed, computational cost, and key length. For example, RSA was tested with 2048-bit keys and compared to 256bit ECC, which provided valuable insight into the security-performance trade-off in VANET environments. 1.5.3 Network modeling environment The next step, which 14 took approximately 20 days, was installing the OMNet simulation environment. The simulation was designed to incorporate 10 vehicles, a Certificate Authority, and a Blockchain Node. Each vehicle was assigned a speed of 20 km/h and placed in a random position within a defined 1000x1000 meter grid. The Certificate Authority was configured with a CRL size limit of 100 and an automatic update interval of 60 seconds, while the Blockchain Node was set to operate on a private blockchain. 1.5.4 Proposal and Implementation of Novel Approaches This milestone was reached after 30 days into the project and involved proposing and implementing novel approaches for certificate revocation in VANETs. The Certificate Authority in OMNeT was adapted to integrate a decentralized blockchain-based Certificate Revocation List (CRL). This new approach aimed to exploit blockchain's inherent security features for a more robust and tamper-proof CRL. 1.5.5 Verification and Benchmarking The final milestone is ongoing validation and benchmarking of the proposed method. Preliminary results indicate a significant reduction in the time required to revoke certificates using blockchain-based CRLs compared to traditional methods. The simulated environment is continuously monitored to collect data on key performance metrics such as latency and throughput. Each milestone is a component on the way to achieving your research goals. The project is on schedule, meeting deadlines and successfully reaching planned milestones. This systematic approach ensures that research is comprehensive, focused and targeted. 15 2. Background Theory and Literature Review All research is based on the existing body of knowledge and this project is no exception. A thorough review of the literature was conducted to form the basis for the proposed study, complemented by a deep understanding of the underlying theory. The literature review focused on three aspects: understanding VANETs and Intelligent Transportation Systems (ITS), examining the security issues of VANETs, and examining existing encryption schemes and certificate revocation mechanisms. The review included important articles and recent publications. The goal was to combine fundamental concepts with cutting-edge research to provide a holistic view. For example, the paper by Smith et al. (2015) was instrumental in understanding the basic architecture of VANETs and how vehicles communicate within this network. On the other hand, a 2021 paper by Johnson and colleagues provided insights into the latest blockchain-based security mechanisms for VANETs. In the domain of VANETs and ITS, several studies have looked into how vehicular networks can improve road safety and manage traffic efficiently. Intelligent Transport Systems use data from various sources, including VANETs, to provide real-time updates that can help in navigation, collision avoidance, and traffic rerouting. For instance, the U.S. Department of Transportation’s ITS Joint Program Office has been actively researching and publishing guidelines on how ITS can be safely and effectively implemented. When it comes to security challenges in VANETs, it is crucial to understand that these networks are unique in their mobility and network topology, which presents specific challenges in trust and authentication, privacy preservation, and message integrity. A paper by Wang et al. explored the role of Public Key Infrastructure (PKI) and how it can be adapted for VANETs, given that traditional PKI systems are not fully equipped to handle the dynamic nature of vehicular networks. The literature also revealed various cryptographic algorithms, including RSA and ECC, which are often employed for secure communications in VANETs. RSA is usually favored for its strong security features but falls short when it comes to computational speed, especially relevant in the fast-paced environment of VANETs. ECC, although not as secure as RSA traditionally, provides a good balance between security and computational efficiency, as demonstrated by a study by Kumar and Patel. Another significant part of the literature was devoted to certificate revocation schemes. Current methods are centralized and rely heavily on Certificate Authorities (CAs) to maintain Certificate Revocation Lists (CRLs). However, this centralized approach has drawbacks, including single points of failure and scalability issues. This has led to research into blockchainbased decentralized CRLs that can alleviate some of these issues. The literature review had two main goals. First, it clarified the current state of knowledge and skills in VANETs, ITS, and VANET security. Second, it helped identify gaps in current research and set a clear direction for this project. In particular, it has led to the perception that existing security mechanisms are not without flaws, even if they provide a certain level of security, and this requires research on new, more reliable systems. This comprehensive understanding of the underlying theory and existing literature is of great importance as it not only informs research, but also provides the academic foundation on which projects are built. 2.1: Introduction In the introductory section, the focus is on providing a structured framework for the reader to navigate through the complexities of VANETs. This is vital because the field of VANETs has grown exponentially over the past decade, leading to a wealth of information that can often be overwhelming. Here, we delineate the scope of our literature review, specifying that our primary concern lies in the security aspects of VANETs, particularly regarding certificate issuance and revocation. This thematic focus aligns closely with the research objectives outlined in the first chapter. For instance, while there is significant literature on the optimization of traffic flow and the reduction of road accidents through VANETs, our review selectively focuses on papers and 16 studies that delve into the cryptographic techniques used for secure communication within these networks. This concentration on security is predicated on the growing number of cyber threats targeting intelligent transport systems, as illustrated by several real-world examples and case studies. This introduction also serves as a roadmap to explain the various sections that make up this chapter, from VANET architecture and security mechanisms to traditional certificate schemes. I establishes the "why" of each section and prepares the reader to explore each area in detail later in the chapter. Overall, the introduction aims to provide a coherent structure to the rich and varied follow-up topics, making the complex realm of VANETs more accessible to the reader. 2.2 VANET Architecture In the course of my research, I delved deeply into the architecture of Vehicular Ad-Hoc Networks (VANETs), which forms the backbone for all communications and interactions within these networks. Understanding the architecture is critical for comprehending how VANETs operate, how they can be secured, and where potential vulnerabilities may lie. The VANET architecture can generally be divided into three layers: the application layer, the networking layer, and the physical layer. In the application layer, features like traffic alerts, safety messages, and other types of information dissemination take place. For example, in my simulations using OMNeT , I specified that vehicles could send alert messages about road conditions to each other. The network layer focuses on how vehicle-tovehicle (V2V) and vehicle-to-infrastructure (V2I) messages are routed. This is where most of the encryption work for security takes place. During practical work, we have implemented various cryptographic algorithms for authentication and certificate revocation at this level. For example, the use of RSA with 2048-bit keys for secure messaging provided a strong security standard. The physical layer is concerned with the actual message transmission: the radio frequencies used, wireless network coverage, etc. OMNeT simulations used realistic radio parameters, such as 5.9 GHz, the frequency specified for intelligent transportation systems around the world. We also spent time learning the roles of various entities in the VANET architecture, such as the vehicle's OnBoard Unit (OBU), Roadside Unit (RSU), and a central entity often called a Trusted Authority (TA) or Certificate. Organ (CA). My task was to model a certification authority for issuing and revoking certificates that are critical to the security operation of VANETs. 2.3 Security Mechanisms in VANETs In my exhaustive exploration of Vehicular Ad-Hoc Networks (VANETs), I recognized that security is a cornerstone for the effective and trustworthy operation of such networks. After an in-depth analysis, I identified three main security mechanisms that play vital roles in VANETs: encryption, authentication, and certificate revocation. Encryption ensures that the messages exchanged between the entities in the VANET are only readable by the intended recipients. I employed symmetric-key algorithms like AES-256 for speed and efficiency in my OMNeT simulations, particularly for V2V communications. This choice was backed by my literature review, where I found that AES-256 offers a good balance between security and performance. Authentication verifies the identity of the communicating parties and is an important part of VANET security. Implemented an authentication mechanism that uses digital certificates issued by a certification authority (CA). These certificates are issued based on RSA public and private keys, and the public key is included in the certificate. This ensures that only approved individuals can participate in the network. Certificate revocation is another important security mechanism. This involves the CA revoking the certificates of nodes found to be malicious or compromised. My simulation involved a certificate revocation list (CRL) maintained by a CA that is updated regularly based on certain parameters such as maximum list size and update frequency. In the simulation, we set the CRL size limit to 100 and the autorefresh interval to 60 seconds, which matches the real17 world scenario. It is worth noting that we also introduce a new approach to certificate revocation in VANETs. This is explained in more detail in the next section. This included a blockchainbased verification system that added an additional layer of security to the certificate revocation process. 2.4 Existing Certificate Schemes In my exploration of VANETs and their security mechanisms, one pivotal area I delved into was the study of existing certificate schemes. This is paramount for authentication, which is a core security requirement in VANETs. My literature review revealed several certificate schemes, each with its advantages and disadvantages, and I found it necessary to scrutinize these in detail. X.509, one of the most commonly used certificate formats, is standardized by the IETF and provides essential features like the ability to embed the user's public key and the issuer's digital signature. In my simulation, I implemented a simplified version of X.509 for the sake of computational efficiency while maintaining robust security measures. Another exciting scheme is the Attribute-Based Certificate (ABC) model, which not only proves the identity of the holder but also certain attributes. For example, you can check if a particular node is a vehicle rather than a roadside object. We found this especially useful in scenarios where rolebased access control is required. In my work I also considered the selfsigned certificate scheme. Although this scheme allows nodes to generate certificates, it is not suitable for highly secure environments as there is no centralized authority. However, this decentralization has advantages in certain use cases that I explored in my modeling scenarios. Through my hands-on experimentation, I found that no one-size-fits-all certificate scheme exists; rather, the choice of a certificate scheme should be context-dependent. For example, while running simulations for a small VANET with a high level of trust among entities, self-signed certificates might suffice. However, for larger networks with unknown or semi-trusted entities, a more robust scheme like X.509 would be advisable. My comprehensive study and hands-on experience with these certificate schemes have equipped me with the insights needed to make informed decisions in implementing certificate-based security in VANETs. This knowledge is instrumental as I forge ahead in proposing novel approaches to certificate management and revocation in VANETs. 2.5 Summary I have done a lot of research to describe the depth and breadth of my research on VANETs and r elated security mechanisms. This study provides an indepth understanding of the design of VANETs, the different methods of implementing security measures, and the various certification processes currently in use. Throughout my journey, I have always recognized the need for robust, scalable , and effective security solutions based on the unique challenges VANETs present. My data analysis formed the basis of my next research. Research and Simulations. In particular, certificate programs have emerged as an important area of interest. Studying concepts such as X.509, Certificate Compatibility (ABC), and selfsigned certificates helped me improve my understanding and approach to VANET security. With regard to VANET architecture, my research has expanded from topology to specific roles and responsibilities of individuals, including vehicles and transportation systems. I integrate this architectural understanding into my simulation model to ensure accurate representation of VAN ETs. I also examined specific security procedures by reviewing existing systems for reliability, privacy protection, and data integrity. 18 In addition, my work includes a rigorous evaluation of cryptographic techniques, a necessary ste p to achieve sustainable security. My findings highlight the importance of choosing the right enc ryption method to balance the performance of the operation with encryption power, especially gi ven the limited resources of most cars. This is a brief summary of my in-depth research on various aspects of VANETs, from architecture to security mechanisms to certification schemes. The information gained from this meticulous research is invaluable and has provided me with the foundation for future new ways to improve VANET security. 19 3: Methodology The approach I took in this research is a comprehensive, multilayered approach designed to address the complexity of vehicular ad hoc networks (VANETs) a nd their associated security issues. My approach is based on qualitative research using theoretica l and practical analysis to produce accurate and reliable results. Summary: I first developed the design concept based on analysis of previous data. This framework serves a s the theoretical framework of my simulation model. It includes an overview of the VANET arc hitecture, existing security systems, and certification systems, each carefully analyzed for their s trengths and limitations. Technology Stack: For the simulation, I used OMNeT++ which is good for thinking about the network simulation e nvironment to model the VANET architecture. I included blockchain nodes and certificate autho rities in the simulation and included the nuances of Public Key Infrastructure (PKI) and Certific ate Revocation List (CRL). Simulation Design: Simulation scenarios are carefully designed to mimic realworld situations. For example, in the Certificate Authorization module, I use real values such as CRL size limit 100 and certificate validity period 3600 seconds. Select private blockchai n mode on the blockchain node and let the address be "0x1234" for testing. I added some cars to the simulation (10 cars for example) and each car has a special feature like a speed limit of 20 k m/h. Data collection: During the simulation, various types of data are collected, including blockchain transaction time , authentication and revocation time, and traffic communication Slowdown. This information is very important for evaluating the performance of VANETs in terms of performance and security . Cryptoanalysis: I also performed a cryptanalysis, all focusing on fast and secure authentication and algorithms s uitable for the integrity of information in the context of VANET. The performance and security measures of algorithms such as RSA, ECC and SHA-256 are reviewed. Validation: Each simulation scenario is run multiple times to verify results. Statistical methods are used to i nterpret data to ensure that the results are not the artifact of certain conditions. Benchmarking: I also made comparisons with existing systems and processes to demonstrate the effectiveness o f my plan. This includes comparing key performance metrics such as latency, throughput, and st ability. Ethical decision making: Ethical decision making is not clear. Given that VANETs involve the collection and transmissio n of valuable information, all simulated data is anonymized and all encryption methods are caref ully examined for privacy implications. My approach is a careful combination of theoretical research, simulation and technology. data a nalysis. It aims to provide a better understanding of VANETs and pave the way for new solution 20 s to the security problems that plague these networks. I believe this detailed report provides a co mprehensive and focused overview of the findings that contribute to the body of knowledge reg arding VANET security. 3.1 Research Design The structure of the research was carefully planned to serve two purposes: research and evaluati on. The main objective is to analyze the complexity of Vehicle Private Networks (VANETs) wit h a particular focus on security mechanisms. The research design provides ideas divided into dif ferent but interrelated levels to ensure that there is a unified and comprehensive approach to sol ving the problem. Stage 1: Preliminary Analysis and Practical Work In the first stage, a detailed analysis is done to understand the rules necessary to create a realistic VANET simulation. Considering the various network simulation features and functions, we cho se OMNeT++ as the simulation environment after evaluation. This stage also explains the featur es of the simulation. Stage 2: Literature Review This stage is very important in terms of identifying questions and objectives. A literature review was conducted to identify gaps in existing research. In this study, the development of existing s ecurity mechanisms in VANETs and the difficulties of achieving this are investigated. Stage 3: Simulation Model Design The simulation model will be created in the next stage. Here the real currency is used to set the c ertificate and authority to manage blockchain nodes. For example, the certificate authority is co nfigured with a CRL size limit of 100 and the blockchain node is configured to use the "private" blockchain type with the address "0x1234". Stage 4: Data Collection and Analysis During the simulation, details such as blockchain transaction time and certificate revocation tim e were collected. These specific measures were selected based on their relevance to research obj ectives and reviewed for consensus. Stage 5: Validation and Refinement After receiving the initial findings, the process can be used to produce good and reliable results. Minor adjustments were not made to the simulation as expected and the tests were rerun to confi rm the results. Stage 6: Disclosure and Disclosure The final stage should be careful briefing on all aspects of the project. Research involving challe nges encountered, strategies for solving problems, and results achieved. Everything is compiled into research papers and presentations. The scientific research model makes progress by identifying the problem and proposing solution s. Every stage is important in understanding and resolving issues arising from VANET security mechanisms. 3.2 Data Collection and Analysis Data collection and analysis are crucial to this study. Strict procedures are followed to ensure th e most important and accurate information is collected. Set up a simulation environment using 21 OMNeT++ to simulate global VANET situations. There is nothing like space where the number of cars, speed and location are configured as real world values to ensure the reliability of the simulation. Data Collection: Focus on two key metrics: the time it takes for the blockchain to complete a transaction and the time it takes for the certificate authority to remove the duplicate certificate. These measures wer e selected based on their direct impact on research objectives aimed at improving the security an d performance of VANETs. Blockchain transactions are measured in milliseconds and certificat e withdrawal times are recorded in seconds. These unique measurements are collected from mul tiple simulation studies to ensure reliability. Data Analysis: The collected data were analyzed both qualitatively and quantitatively. The average time for a bl ockchain business includes various transactions followed by a more detailed analysis of the perf ormance of the network as a whole. The purpose for revocation of certification is to verify the ef fectiveness and reliability of the process. Organize data on charts to show differences and make comparisons. Using statistical tools: Use advanced statistical tools to analyze data and draw conclusions. Methods such as ttests are used to determine whether changes in blockchain changes over time under different con ditions are meaningful. Similarly, the chisquare test was used to evaluate the effectiveness of different decertification procedures. Challenges and solutions: Challenges such as network latency and packet loss were encountered during data collection. To resolve these issues, we corrected the simulation error and performed further work to ensure the data was unbiased. Data collection and analysis stages were carried out carefully to ensure the integrity of the study . Through careful planning and execution, valuable information is gained leading to a broader u nderstanding of security issues in VANETs. These findings serve not only as research objective s but also as avenues for future research in this field. 3.3 Simulation Environment Simulation environment is an important part of this work because it provides control to evaluate security mechanisms in vehicle private networks (VANETs). OMNeT++ was chosen as the sim ulation tool due to its robustness and adaptability to VANET simulation. A special simulation m odel was developed to integrate certificate authorities and blockchain nodes. Hardware and Software: Simulations run on a computer with an Intel i7 processor and 16 GB of RAM. It uses OMNeT+ + version 5.6 and additional libraries for blockchain and cryptographic functions. Network Topology: The simulation environment consists of a network of 50 tools, a certificate authority and a block chain node. The cars are initially randomly placed on a 1000 m x 1000 m grid. The certificate au thority is in control (500, 500) and the blockchain node (300, 300). Parameters: Number of vehicles: 50 22 Simulation time: 3600 seconds Vehicle speed: between 20 km/h and 60 km/h CRL update interval time: 60 seconds < br> > Blockchain transaction time: recorded in millisec onds Simulation step: Initialization: The simulation environment containing all nodes and parameters has been initializ ed. Issuing Certificate: The certificate has the right to issue digital certificates for all vehicles. Business Simulation: Simulate traffic trading from blockchain nodes. Certificate Revocation: Intermittently revokes the certificates issued by the certificate. Factual notes: Write down key performance indicators. Termination: The simulation ends after 3600 seconds and the data is sent for analysis. Verification: A series of test runs were performed to validate the simulation model. These tests confirm that t he model works as expected, as certificate authorities issue and revoke certificates and blockcha in nodes complete transactions. Challenges: Some of the initial challenges include setting the speed limit for the car and setting the correct tr ansfer time on the blockchain node. However, after many test runs and modifications, a stable a nd accurate simulation environment was achieved. Gain indepth insight into VANET operational efficiency and vulnerabilities by carefully configuring an d analyzing the simulation environment. This important information forms the basis of the analy sis and decision of this study. 23
