Implicit Certificates in V2V
There has been a lot of news recently about vehicle-to-vehicle or “V2V” technology and how it is being adopted by the U.S. Department of Transportation in efforts to help drivers avoid accidents. A fundamental aspect of the V2V security system is its use of ‘implicit certificates’. What are these implicit certificates and how are they used in the V2V protocols?
In the V2V system being mandated for use in new cars and lightweight trucks, each vehicle broadcasts information about its speed, position, acceleration, etc. to nearby vehicles. To prevent hackers from injecting false information into this system, each vehicle is loaded with several thousand implicit certificates at the time of manufacture. These certificates identify the vehicle as a legitimate member of the V2V system while making it difficult to track individual vehicles using the certificate. Each broadcast of telemetry information is accompanied by one of the vehicle’s implicit certificates and by verification data associated with both the telemetry data and the implicit certificate. Nearby vehicles can use the verification data and the implicit certificate to ensure that the telemetry data is authentic and was sent from a legitimate vehicle (and not, for example, from a hacker attempting to fake the system in order to cause an accident).
To understand implicit certificates more deeply it is important to understand traditional or conventional cryptographic certificates. Traditional certificates always contain (1) some kind of data that needs to be protected and (2) a digital signature by a trusted certification authority that specially marks the data as being authentic. In many applications, including the V2V system, the data part of the cryptographic certificates includes a cryptographic key to be used in other cryptographic protocols within the system. Implicit certificates use a clever technique for combining the digital signature and the cryptographic key in a way that maintains security but drastically reduces the size of the certificate.
Over the years several types of implicit certificates have been proposed and studied, but the V2V system uses “ECQV”-type implicit certificates, named after the inventors Dr. Qu and Dr. Vanstone and the Elliptic Curve technology used in such certificates. TrustPoint has a white paper that compares implicit versus conventional certificates and you can request a copy. Also, the Wikipedia article on implicit certificates contains a more in-depth discussion of this type of certificate.
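The ECQV construction named above, carried through in code as an added example (not from the original post or from TrustPoint). It shows how the CA's signature and the vehicle's public key are folded into a single curve point. Assumptions: the NIST P-256 curve, SHA-256 reduced mod n as the hash, a certificate encoded as a compressed point followed by identity bytes, and all function names are illustrative.

```python
import hashlib

# NIST P-256 domain parameters (assumed curve; the page does not name one).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1 + A, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    m = num * pow(den % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return (x3, (m * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (illustrative, not constant time)."""
    acc = None
    while k:
        acc = add(acc, pt) if k & 1 else acc
        pt, k = add(pt, pt), k >> 1
    return acc

def encode_cert(p_u, ident):
    """Implicit certificate: compressed point P_U plus identity, no signature field."""
    return bytes([2 + (p_u[1] & 1)]) + p_u[0].to_bytes(32, "big") + ident

def cert_hash(p_u, ident):
    """e = H(certificate), reduced mod n (simplified hash-to-integer step)."""
    return int.from_bytes(hashlib.sha256(encode_cert(p_u, ident)).digest(), "big") % N

def ca_issue(d_ca, k, r_u, ident):
    """CA side: P_U = R_U + k*G and r = e*k + d_CA mod n. Returns (P_U, r)."""
    p_u = add(r_u, mul(k, G))
    return p_u, (cert_hash(p_u, ident) * k + d_ca) % N

def reconstruct_public(p_u, ident, q_ca):
    """Any receiver: Q_U = e*P_U + Q_CA, from the certificate and CA public key."""
    return add(mul(cert_hash(p_u, ident), p_u), q_ca)

def vehicle_private(k_u, r, p_u, ident):
    """Vehicle side: d_U = e*k_U + r mod n, the private key matching Q_U."""
    return (cert_hash(p_u, ident) * k_u + r) % N
```

The certificate carries only the 33-byte point and the identity, with no separate signature. Authenticity is established implicitly: a message signature made with `d_U` verifies under the reconstructed `Q_U` only if the CA's key went into the certificate.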