scms Archives - AUTOCRYPT

19 January, 2023 . 7 mins read

All You Need to Know About V2X PKI Certificates: Butterfly Key Expansion and Implicit Certificates

AutoCrypt SCMS now supports Butterfly Key Expansion for both implicit and explicit certificates of the V2X PKI ecosystem. This article explains why Butterfly Key Expansion is necessary for the SCMS and why implicit certificates might be a useful alternative to conventional certificates.

Vehicle-to-everything (V2X) communication allows vehicles to communicate with other vehicles and road entities for safety warnings, traffic coordination, and eventually vehicle-infrastructure cooperated autonomous driving (VICAD). Given that these V2X messages are critical to road safety, a vehicular public key infrastructure (PKI) known as the Security Credential Management System (SCMS) has been adopted worldwide to protect the integrity of V2X messages and the privacy of road users. V2X PKI certificates, or SCMS certificates, are therefore a crucial enabler of secure V2X communications.

What Is Unique About V2X PKI Certificates?

What makes V2X PKI certificates unique? The most significant difference between IT and V2X authentication is that IT authentication is centralized and hierarchical. Users use their digital signature to reveal their identity to the server, after which the server verifies the identity and grants the user access. There is apparently no need for users to prove their identity to other users. On the other hand, V2X authentication is decentralized, where users (vehicles) need to verify each other’s identity without revealing it. Sounds contradictory? This is made possible by using pseudonym certificates.

In the SCMS, pseudonym certificates are issued by authorization certification authorities (CA) to every road user (vehicle). As suggested by its name, these certificates are pseudonymous and thus do not contain the vehicle’s identity, but instead contain proof that the vehicle’s identity had been verified by the CA and that it is a legitimate entity.

Furthermore, to prevent a stalker from spying on the same pseudonym certificate over an extended period to trace its travel routes and behaviours, pseudonym certificates have very short validity periods. For an average private vehicle, up to 20 pseudonym certificates are issued weekly, rotating every few hours to prevent tracing. These numbers can vary depending on local regulations and the importance of the passenger. For instance, the vehicle for a head of state might require non-rotating, one-time pseudonym certificates issued every five minutes.

What Is Butterfly Key Expansion?

Every time a vehicle requests a pseudonym certificate, the responsible CA needs to sign a new certificate and return it to the vehicle. Given that a typical vehicle needs up to 20 certificates per week, the CA needs to sign over a thousand certificates to a single vehicle over a year. This is a scale never seen before in the IT or financial industry. As more and more vehicles join the V2X environment, it can soon become difficult for CAs to cope with the growing number of requests.

With advancements in cryptographic construction technology, a novel approach known as Butterfly Key Expansion now overcomes this disadvantage. Butterfly Keys allow a vehicle to request an arbitrary number of certificates all at once; each certificate with a different signing key and each encrypted with a different encryption key. A request using Butterfly Key Expansion contains only one signing public key seed, one encryption public key seed, and two expansion functions that enable expansion. Therefore, Butterfly Keys are very useful for requesting pseudonym certificates as they can drastically decrease the number of requests needed.

Note that Butterfly Keys are not needed for issuing application certificates* to roadside units (RSU). Since privacy is not a concern to roadside infrastructures, application certificates are issued once at a time and have very long validity periods, meaning that application CAs are fully capable of dealing with the volume of requests.

(*Pseudonym certificates are used by vehicles for self-identification in V2V communications, whereas application certificates are used by roadside infrastructures for self-identification in V2I applications.)

Explicit vs. Implicit Certificates

Pseudonym certificates can be constructed in two different forms: conventional (explicit) certificates and implicit certificates. Conventional certificates consist of three distinct pieces of data: 1) a public key, 2) the digital signature of the CA, binding the public key to the vehicle’s identification data, and 3) the vehicle’s identification data. During V2V message transmission, the sender signs the certificate with the private key, after which the receiver uses the public key in the certificate to verify and view the message. In this process, the sender’s identity is “explicitly verified” because by opening the message, the receiver knows that the sender is the only entity holding the private key. As such, these certificates are also known as explicit certificates.

However, a disadvantage of explicit certificates is that, since they contain three distinct pieces of data, their size can range between 2,000 bits to 30,000 bits, depending on the level of security needed. Such a size isn’t a concern in and of itself. But in the V2X environment, where traffic volume is high and transmission speeds are pivotal, smaller sizes can be more advantageous.

To enable speedier message transmission and more efficient certificate issuance, a new form of V2X PKI certificate is gaining popularity. Known as implicit certificates, or Elliptic Curve Qu-Vanstone (ECQV), these certificates contain the same three pieces of data as explicit certificates do, but do not carry them as three distinct elements. Instead, the public key and the digital signature are superimposed, leaving a single reconstruction value that is similar in size as the public key. The receiver of the message uses this reconstruction value to reconstruct the public key and verify the message. The way in which the public key and the digital signature are superimposed means that by verifying the public key, the digital signature and the legitimacy of the sender get “implicitly verified”.

Since implicit certificates contain a single reconstruction value, they are much lighter and thus require much less bandwidth to transmit. The typical size of an implicit certificate is only 200 to 500 bits, which is ideal for the SCMS, where a large volume of certificates needs to be transmitted within a constrained timeframe.

The concept of implicit certificates is developed and patented by Blackberry Certicom. Nevertheless, CAs are free to issue implicit certificates for applications in the SCMS in accordance with IEEE 1609.2.

V2X PKI Regional Requirements and Preferences

As mentioned earlier, Butterfly Key Expansion is only beneficial for issuing pseudonym certificates and is not used for generating application certificates. The same is true for implicit certificates. The lightweight advantage of implicit certificates is best seen when applied to pseudonym certificates, but less significant when applied to application certificates. Given that the mechanism behind implicit certificates is more complex, some parts of the world prefer to stay with explicit certificates.

As a result, a mix of different mechanisms is used in the real world. In fact, different transport authorities have established different requirements for the certificates used in their SCMS. In North America, implicit certificates have become the standard for all V2X PKI certificates, whereas, in China, explicit certificates are required. Europe has been establishing two different standards, one for explicit certificates and one for implicit certificates.

In general, V2X PKI certificates can be constructed using four different combinations.

AutoCrypt SCMS Ready to Support All Certificate Types

In late 2022, AUTOCRYPT completed its development on the issuance of both explicit and implicit certificates with Butterfly Key Expansion, gaining the full capability to issue and provision all types of V2X PKI certificates in the SCMS.

To learn more about AUTOCRYPT’s V2X security solutions and AutoCrypt SCMS, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s newsletter.

7 December, 2022 . 2 mins read

AUTOCRYPT Accredited by WebTrust for CAs as V2X Root Certificate Authority

SEOUL, KOREA, December 7, 2022 — AUTOCRYPT, an industry-leading provider of automotive cybersecurity and connected mobility solutions, announced that it has been officially accredited by the AICPA/CICA WebTrust Program for CAs (Certification Authorities) as a root certificate authority for the V2X-PKI ecosystem, making it Asia’s first, and the world’s third V2X root certificate authority to receive the WebTrust seal.

The WebTrust Program accredits CAs after having licensed auditors conduct extensive audits to verify that the CA has adequate management capabilities and strictly follows its Certificate Practice Statement (CPS) by properly verifying organizations and protecting its certificate keys. The WebTrust seal is an internationally recognized symbol for safe practice in PKI and cryptography, to which many organizations demand WebTrust accreditation for all CAs involved in their supply chains.

AUTOCRYPT’s V2X-PKI CA (Certificate Authorization) Service acts as a root CA that registers, issues, manages, and revokes V2X certificates to subordinate CAs, supporting SCMS standards across North America, Europe, and China. Independently operated by its self-established security certification center, the service has undergone months of external audits and monitoring prior to receiving the accreditation.

“Aligning with our vision of enabling reliable and autonomous mobility for all road users, we developed our own root CA service to help establish trust within the V2X ecosystem,” said Daniel ES Kim, CEO of AUTOCRYPT. “By providing WebTrust-accredited certificate lifecycle management for V2X CAs, we look forward to enabling a streamlined V2X deployment process for our clients and partners, as well as encouraging more V2X implementations across a wider variety of use cases.”

Apart from serving as a V2X root CA, AUTOCRYPT offers a complete security solution for the V2X ecosystem, including a security module for OBU/RSUs, an SCMS backend, and an Integrated Management System (IMS) for SCMS that enables automotive OEMs to oversee all the SCMS certificates for their fleets via a graphical user interface.

For more information regarding AUTOCRYPT’s V2X security solutions and offerings, contact global@autocrypt.io.

12 April, 2021 . 6 mins read

What is the Security Credential Management System?

We all know that vehicle-to-everything (V2X) communication constitutes the core of autonomous driving. By enabling vehicles and infrastructure to share live information, a safe and seamless autonomous mobility experience can be accomplished. But how exactly does the information sharing process work?

Just like how we communicate with each other via text messages, vehicles communicate with nearby entities by transmitting basic safety messages (BSM) between one another. However, different from us sending text messages, vehicles can send, receive, and process thousands of messages per minute. Every BSM a vehicle sends out contains the current time, along with the vehicle’s speed, location, direction, path, and other safety-related information. The vehicle that receives the BSM will use such information to determine whether it should change its speed and direction, or simply just send an alert to the driver. Despite seeming like a lot of work, this process is totally seamless, where hundreds of BSMs are sent, received, processed, and acted upon within each second.

Sounds easy? While the concept of V2X communication may seem very straightforward, we must figure out how to keep these communications perfectly accurate and effective. A failed, inaccurate, or miscommunicated text message is not usually a great deal. But a failed BSM is a matter of life and death. In fact, it would be fair to say that only 10% of the V2X communication technology is about communication itself, while the rest 90% is about ensuring that these communications are flawless and secure.

The Role of the Security Credential Management System (SCMS)

The Security Credential Management System (SCMS) is a proof-of-concept (POC) security solution for V2X communication. Despite the fancy name, it is essentially a public key infrastructure (PKI) designed to secure V2X messages – in this case – the BSMs. The POC has been officially adopted as a protocol by the United States Department of Transportation (USDOT) and became an industry standard for all providers of PKI-based V2X security solutions, including AUTOCRYPT.

Just like typical PKIs, the main purpose of the SCMS is to ensure trusted communication by securing the message. This involves a three-step process: certificate issuance, encryption, and certificate-based authentication. In simple terms, the SCMS needs to first ensure that the message sender is a legally registered entity, then encrypt the drafted message, after which from the receiver’s side, it needs to ensure that the message is truly the original message and that it has not been altered during transmission. Nevertheless, there are still two major differences between the SCMS and traditional PKIs.

The first difference is capacity. A single SCMS can issue up to 300 billion certificates per year, enough to support up to 300 million vehicles. On the other hand, the largest PKI to date is the Europay-Mastercard-Visa Consortium (EMVCo), which is only capable of issuing less than 10 billion certificates per year.

The second difference is that the SCMS faces a much more demanding situation. PKIs used for financial transactions have one sole purpose of ensuring security. Yet, the SCMS must excel in both security and efficiency, two attributes that are usually viewed as tradeoffs.

How Does the SCMS Work?

When a connected vehicle wants to join the V2X network, it must first send its registration request to the SCMS. After approving the request, the SCMS issues an enrolment certificate to the vehicle. The enrolment certificate acts as the ID for the vehicle, proving itself as an authorized participant.

Now that the vehicle is enrolled to send and receive messages. The SCMS still faces the task of securing the message. In this process, it needs to issue and manage several authorization certificates. Before sending out a message, the on-board unit (OBU) must receive an identification certificate. This certificate acts as a digital signature that gets attached to the message. To protect the privacy of the driver, the identification certificate is encrypted and turned into a pseudonym certificate that does not reveal the identity of the vehicle owner.

Before the receiver opens the message, the SCMS compares the sender’s digital signature with a list of previously revoked signatures to ensure that the signature is currently valid. After passing all verifications, the message is given to the receiver to process.

Other entities like roadside infrastructure also undergo the same process before sending a message. Roadside units (RSU) receive application certificates that are equivalent to the identification certificates of OBUs. However, in this case, there is no need to transform them into pseudonym certificates.

security credential management system chart

Why is the SCMS Useful for V2X Security?

Ensuring data integrity. In the V2X communication process, it is crucial to ensure that the message transmitted is not altered by any third party. Since the SCMS seals the messages with digital signatures, then verifies the signature upon receival. There is no endpoint for malicious actors to manipulate the message.

Ensuring data authenticity. Since an identity certificate is issued every time before a sender sends a message, there is no potential loophole for a threat actor to send fake messages in the identity of someone else.

Ensuring privacy. As mentioned above, the identity certificate issued to an OBU is encrypted into a pseudonym certificate. On top of that, the message itself only contains information on the vehicle’s condition and behaviour but not the vehicle’s identity. This makes it nearly impossible to trace the message back to the sender vehicle’s owner.

Ensuring interoperability. Instead of having V2X security providers developing their own set of mechanisms, the SCMS acts as a protocol that ensures all the developed solutions are interoperable with one another. This is a key benefit because interoperability is crucial to V2X communication.

Revocation. Different from traditional PKIs, the SCMS keeps a record of all revoked devices that had been reported with misbehaving, malfunctioning, or even malicious actions. The record helps prevent the same threats from reoccurring, significantly lowering the risks associated with the system.

AutoCrypt V2X, Securing Autonomous Driving with Decades of Experience in PKI

The SCMS protocol is complemented by a few other industry standards to ensure the deployment of secure and efficient PKIs for the V2X network. As such, AutoCrypt PKI is not only designed based on the SCMS, but also is in line with the Crash Avoidance Metrics Partners (CAMP) and the Cooperative ITS Credential Management System (CCMS). Combining AutoCrypt PKI with the software development kit installed locally into the OBUs, along with AutoCrypt LCM, the local certificate manager in charge of message encryption, AutoCrypt V2X is the most complete solution for autonomous driving.

To keep informed with the latest news on mobility tech and automotive cybersecurity, subscribe to AUTOCRYPT’s monthly newsletter.