Conference Paper

A Framework for a Blockchain-based Public Key Infrastructure for Autonomous Vehicles

  • Ostbayerische Technische Hochschule Amberg-Weiden
To read the full-text of this research, you can request a copy directly from the authors.


We propose a framework for designing a blockchain-based Public Key Infrastructure for highly automated and autonomous vehicles for vehicular ad-hoc networks and the Internet of Vehicles as part of the Internet of Things. The basic concept is to store the public keys in a dedicated blockchain together with information that can easily be checked by the perception system of the vehicles. Special transactions on the blockchain make it possible to establish trust relationships between different entities. In combination with a trust model this forms an identification and authentication system. The freedom to choose the trust model and the specific blockchain enables flexible adaption to regulatory and political requirements.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

Technical Report
Full-text available
Das Projekt AutoDrive bringt ein innovatives gesamt-europäisches Ökosystem zusammen, das aus 61 Partnern besteht, darunter führende Halbleiterunternehmen, Fahrzeughersteller, elektronische Systemintegratoren, renommierte Forschungsinstitute sowie kleine und mittlere Unternehmen (KMU). Ziel ist die Entwicklung fortschrittlicher elektronischer Komponenten und Systeme für autonome Fahrzeuge zur Bereitstellung ausfallsicherer Funktionen unter Verwendung neuartiger Architekturen mit erhöhter Zuverlässigkeit, um Komplexität und Kosten zu reduzieren, gleichzeitig jedoch Robustheit und Flexibilität zu erhöhen und das Gesamtsystem in optimaler Weise auszubalancieren. Sicherheit ist die größte Herausforderung beim autono-men Fahren. Die AutoDrive-Partner entwickeln fortschrittliche elektronische fail-aware, fail-safe und fail-operational Komponenten, Systeme und Architekturen für hoch-und vollautomatisches Fahren und setzen diese in neun Demonstratoren in verschiedenen Städten und Ländern Europas ein. Auszug aus dem Forschungsbericht der OTH-AW 2021:
Full-text available
Pretty Good Privacy (PGP) is one of the most prominent cryptographic standards offering end-to-end encryption for email messages and other sensitive information exchange. PGP allows to verify the identity of the correspondent in information exchange as well as the information integrity. PGP implements asymmetric encryption with certificates shared through a network of PGP key servers. In this paper, we propose a new PGP management framework with the key servers infrastructure implemented using blockchain technology. Our approach offers fast propagation of certificate revocation among PGP key servers and elimination of man-in-the-middle risks. It also grants users the required access control to update their own PGP certificates, which is not the case with the current PGP key servers. A prototype has been implemented using Ethereum blockchain and an open source key server, named Hockeypuck. Finally, we evaluated the prototype with extensive experiments. Our results show that our solution is practical and it could be integrated with the existing public PGP key servers infrastructure.
Full-text available
Currently, the popularity of Internet-of-Vehicles technology and self-driving cars are increasing rapidly. Several companies are investing in this field and are competing to release the latest and safest autonomous cars. However, this rapid Internet-of-Vehicles development also creates many security problems, which are considered a significant threat both to industry and to consumers. As a result, there is an urgent need to study the possible security threats and different solutions that can ensure the safety of drivers and also the security of industry. This research article focuses on examining the systematic literature on Internet-of-Vehicles and security. It also provides comprehensive and unbiased information regarding various state-of-the-art security problems, solutions, and proposals in vehicular ad hoc networks and Internet-of-Vehicles. Systematic literature review is used for more than 127 different research articles published between the years 2010 and 2018. The results of the systematic literature review used are categorized into the following three main categories: (1) the different types of attacks on Internet-of-Vehicles, (2) the different solutions that can be implemented to solve the threats, and (3) the performance outcomes.
Full-text available
The public key infrastructure (PKI) based authentication protocol provides basic security services for the vehicular ad-hoc networks (VANETs). However, trust and privacy are still open issues due to the unique characteristics of VANETs. It is crucial to prevent internal vehicles from broadcasting forged messages while simultaneously preserving the privacy of vehicles against the tracking attacks. In this paper, we propose a blockchain-based anonymous reputation system (BARS) to establish a privacy-preserving trust model for VANETs. The certificate and revocation transparency is implemented efficiently with the proofs of presence and absence based on the extended blockchain technology. Public keys are used as pseudonyms in communications without any information about real identities for conditional anonymity. In order to prevent the distribution of forged messages, a reputation evaluation algorithm is presented relying on both direct historical interactions and indirect opinions about vehicles. A set of experiments is conducted to evaluate BARS in terms of security, validity, and performance and the results show that BARS is able to establish a trust model with transparency, conditional anonymity, efficiency, and robustness for VANETs.
Full-text available
Thanks to its potential in many applications, Blockchain has recently been nominated as one of the technologies exciting intense attention. Blockchain has solved the problem of changing the original low-trust centralized ledger held by a single third-party, to a high-trust decentralized form held by different entities, or in other words, verifying nodes. The key contribution of the work of Blockchain is the consensus algorithm, which decides how agreement is made to append a new block between all nodes in the verifying network. Blockchain algorithms can be categorized into two main groups. The first group is proof-based consensus, which requires the nodes joining the verifying network to show that they are more qualified than the others to do the appending work. The second group is voting-based consensus, which requires nodes in the network to exchange their results of verifying a new block or transaction, before making the final decision. In this paper, we present a review of the Blockchain consensus algorithms that have been researched and that are being applied in some well-known applications at this time.
Conference Paper
Full-text available
Traditional Public-Key Infrastructure (PKI) is Certificate Authority based (CA-based). Thus, the security of PKI is completely relying on the security of CAs' infrastructure. However, many recent breaches show that the CA's infrastructure can be compromised as well as exposed to operational errors, while the Log-based PKIs and Web of Trust (WoT) approaches have many issues related to the potential points-of-failure and other difficulties. In this paper, we propose a novel blockchain-based PKI management framework which can issue, validate and revoke X.509 standard certificates using Blockchain technology. Our framework resolves the problems with traditional PKI systems - in particular, certificate revocation, elimination of single points-of-failure and rapid reaction to CAs misbehavior. We designed and developed a prototype for issuing, validating and revoking PKI certificates through Ethereum blockchain. Evaluation and experimental results confirm that the proposed framework can be used to construct reliable and robust PKI systems.
Conference Paper
Full-text available
Blockchain, the foundation of Bitcoin, has received extensive attentions recently. Blockchain serves as an immutable ledger which allows transactions take place in a decentralized manner. Blockchain-based applications are springing up, covering numerous fields including financial services, reputation system and Internet of Things (IoT), and so on. However, there are still many challenges of blockchain technology such as scalability and security problems waiting to be overcome. This paper presents a comprehensive overview on blockchain technology. We provide an overview of blockchain architechture firstly and compare some typical consensus algorithms used in different blockchains. Furthermore, technical challenges and recent advances are briefly listed. We also lay out possible future trends for blockchain.
Full-text available
Cooperative Intelligent Transportation Systems (C-ITS), mainly represented by vehicular ad-hoc networks (VANETs), are among the key components contributing to the Smart City and Smart World paradigms. Based on the continuous exchange of both periodic and event triggered messages, smart vehicles can enhance road safety, while also providing support for comfort applications. In addition to the different communication protocols, securing such communications and establishing a certain trustiness among vehicles are among the main challenges to address, since the presence of dishonest peers can lead to unwanted situations. To this end, existing security solutions are typically divided into two main categories, cryptography and trust, where trust appeared as a complement to cryptography on some specific adversary models and environments where the latter was not enough to mitigate all possible attacks. In this paper we provide an adversary-oriented survey of the existing trust models for VANETs. We also show when trust is preferable to cryptography, and the opposite. In addition, we show how trust models are usually evaluated in VANET contexts, and finally we point out some critical scenarios that existing trust models cannot handle, together with some possible solutions.
Conference Paper
Full-text available
Authcoin is an alternative approach to the commonly used public key infrastructures such as central authorities and the PGP web of trust. It combines a challenge response-based validation and authentication process for domains, certificates, email accounts and public keys with the advantages of a block chain-based storage system. As a result, Authcoin does not suffer from the downsides of existing solutions and is much more resilient to sybil attacks.
Vehicular ad hoc networks (VANETs) are becoming the most promising research topic in intelligent transportation systems, because they provide information to deliver comfort and safety to both drivers and passengers. However, unique characteristics of VANETs make security, privacy, and trust management challenging issues in VANETs' design. This survey article starts with the necessary background of VANETs, followed by a brief treatment of main security services, which have been well studied in other fields. We then focus on an in-depth review of anonymous authentication schemes implemented by five pseudonymity mechanisms. Because of the predictable dynamics of vehicles, anonymity is necessary but not sufficient to thwart tracking an attack that aims at the drivers' location profiles. Thus, several location privacy protection mechanisms based on pseudonymity are elaborated to further protect the vehicles' privacy and guarantee the quality of location-based services simultaneously. We also give a comprehensive analysis on various trust management models in VANETs. Finally, considering that current and near-future applications in VANETs are evaluated by simulation, we give a much-needed update on the latest mobility and network simulators as well as the integrated simulation platforms. In sum, this paper is carefully positioned to avoid overlap with existing surveys by filling the gaps and reporting the latest advances in VANETs while keeping it self-explained.
Public key cryptography helps make information and communication technology (ICT) systems more secure. Public key infrastructures (PKIs) enable the use of public key cryptography in open computer networks, in particular on the Internet. In this chapter, we use characteristic examples of Internet applications to illustrate potential threats against ICT and describe important security goals that can be achieved using public key cryptography and PKI. We discuss the basics of public key cryptography and explain how this technology supports the security goals explained in this chapter. Finally, we present the challenges that lead to the need for PKI. For more details on public key cryptography see [4].
Conference Paper
Vehicular Ad hoc NETwork (VANET) is an emerging paradigm in networking. It is a new form of Mobile Ad hoc NETwork (MANET). VANET enables vehicle to vehicle (V2V) communication with the goal of providing road safety and reduce traffic congestion. However, dishonest (malicious) peers (vehicles) in a VANET many send out false information to maximize their own utility. Now a day, VANET has been taken more attention of researchers and automotive industries due to life saving factor. In this paper, we first discuss the applications and unique characteristics of VANETs that distinguish them from MANETs. We also discuss about different attacks and security issues in VANET. We then survey existing trust models in VANETs, and point out their key issues. Based on these studies, we suggest desired properties towards effective trust management in VANETs.
A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.
If Alice and Bob each know their own private key and the other's public key, they can communicate securely, through any number of public key based protocols such as IPSec, PGP, S/MIME, or SSL. However, how do they know each other's public keys? The goal of a public key infrastructure (PKI) is to enable secure, convenient, and efficient discovery of public keys. It should be applicable within as well as between organizations, and scalable to support the Internet. There are various types of PKI that are widely deployed or have been proposed. They differ in the configuration information required, trust rules, and flexibility. There are standards such as X.509 and PKIX, but these are sufficiently flexible so that almost any model of PKI can be supported. We describe several types of PKI and discuss the advantages and disadvantages of each. We argue against several popular and widely deployed models as being insecure, unscalable, or overly inconvenient. We also recommend a particular model
Authentication using a path of trusted intermediaries, each able to authenticate the next in the path, is a well-known technique for authenticating entities in a large-scale system. Recent work has extended this technique to include multiple paths in an effort to bolster authentication, but the success of this approach may be unclear in the face of intersecting paths, ambiguities in the meaning of certificates, and interdependencies in the use of different keys. Thus, several authors have proposed metrics to evaluate the confidence afforded by a set of paths. In this paper we develop a set of guiding principles for the design of such metrics. We motivate our principles by showing how previous approaches failed with respect to these priniciples and what the consequences to authentication might be. We then propose a new metric that appears to meet our principles, and so to be a satisfactory metric of authentication.
Conference Paper
. A global public-key infrastructure (PKI), components of which are emerging in the near future, is a prerequisite for security in distributed systems and for electronic commerce. The purpose of this paper is to propose an approach to modelling and reasoning about a PKI from a user Alice's point of view. Her view, from which she draws conclusions about the authenticity of other entities' public keys and possibly about the trustworthiness of other entities, consists of statements about which public keys she believes to be authentic and which entities she believes to be trustworthy, as well as a collection of certificates and recommendations obtained or retrieved from the PKI. The model takes into account recommendations for the trustworthiness of entities. Furthermore, it includes confidence values for statements and can exploit arbitrary certification structures containing multiple intersecting certification paths to achieve a higher confidence value than for any single c...
A decentralized public key infrastructure with identity retention
  • C Fromknecht
  • S Yakoubov
  • D Velicanu
C. Fromknecht, S. Yakoubov, and D. Velicanu, "A decentralized public key infrastructure with identity retention," 2014. [Online].
IKP: Turning a PKI around with blockchains
  • S Matsumoto
  • R M Reischuk
S. Matsumoto and R. M. Reischuk, "IKP: Turning a PKI around with blockchains," 2016. [Online]. Available: 1018
Securing vehicle to vehicle communications using blockchain through visible light and acoustic side-channels
  • S Rowan
  • M Clear
  • M Gerla
  • M Huggard
  • C M Goldrick
S. Rowan, M. Clear, M. Gerla, M. Huggard, and C. M. Goldrick, "Securing vehicle to vehicle communications using blockchain through visible light and acoustic side-channels," arXiv:1704.02553 [cs], 2017-04-08. [Online]. Available:
Efficient distributed admission and revocation using blockchain for cooperative ITS
  • N Lasla
  • M Younis
  • W Znaidi
  • D B Arbia
N. Lasla, M. Younis, W. Znaidi, and D. B. Arbia, "Efficient distributed admission and revocation using blockchain for cooperative ITS," in 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), 2018, pp. 1-5.
Taxonomy and definitions for terms related to driving automation systems for on-road motor vehicles
  • On-Road
On-Road Automated Driving (ORAD) committee, "Taxonomy and definitions for terms related to driving automation systems for on-road motor vehicles," 2018. [Online]. Available: https: // 201806
An algebra for trust dilution and trust fusion," in Formal Aspects in Security and Trust, ser. Lecture Notes in Computer Science, P. Degano and
  • B Alcalde
  • S Mauw
B. Alcalde and S. Mauw, "An algebra for trust dilution and trust fusion," in Formal Aspects in Security and Trust, ser. Lecture Notes in Computer Science, P. Degano and J. D. Guttman, Eds. Springer Berlin Heidelberg, 2010, pp. 4-20.
Protocols for Authentication and Key Establishment, ser. Information Security and Cryptography
  • C Boyd
  • A Mathuria
C. Boyd and A. Mathuria, Protocols for Authentication and Key Establishment, ser. Information Security and Cryptography. Springer, 2003.