A Security Credential Management System for V2X Communications

The U.S. Department of Transportation (USDOT) issued a proposed rule on January 12, 2017 to mandate vehicle-to-vehicle safety communications in light vehicles in the U.S. Cybersecurity and privacy are major challenges for such a deployment. We present a Security Credential Management System (SCMS) for vehicle-to-everything (V2X) communications in this paper, which has been developed by the Crash Avoidance Metrics Partners LLC under a cooperative agreement with the USDOT. This system design is currently transitioning from research to proof-of-concept and is a leading candidate to support the establishment of a nationwide Public Key Infrastructure for V2X security. It issues digital certificates to participating vehicles and infrastructure devices for trustworthy communications among them, which is necessary for safety and mobility applications that are based on V2X communications. The SCMS supports four main use cases, namely, bootstrapping, certificate provisioning, misbehavior reporting, and revocation. The main design goal is to provide both security and privacy to the largest extent reasonable and possible. To achieve a reasonable level of privacy in this context, vehicles are issued pseudonym certificates, and the generation and provisioning of those certificates are divided among multiple organizations. Given the large number of pseudonym certificates per vehicle, one of the main challenges is to facilitate efficient revocation of misbehaving or malfunctioning vehicles, while preserving privacy against attacks from insiders. The proposed SCMS supports all identified V2X use-cases and certificate types necessary for V2X communication security. This paper is based upon work supported by the USDOT. Any opinions, findings, and conclusions or recommendations expressed in this publication are those of the authors (“we”) and do not necessarily reflect the view of the USDOT.