uACPC: Client-Initiated Privacy-Preserving Activation Codes for Pseudonym Certificates Model
ISSN: 2572-1046, e-ISSN: 2572-1054
Published July 27, 2020 by SAE International in United States
Citation: Cunha, H., Luther, T., Ricardini, J., Ogawa, H. et al., "uACPC: Client-Initiated Privacy-Preserving Activation Codes for Pseudonym Certificates Model," SAE Int. J. Transp. Cyber. & Privacy 3(1):57-77, 2020, https://doi.org/10.4271/11-03-01-0004.
With the adoption of Vehicle-to-Everything (V2X) technology, the security and privacy of vehicles are paramount. To avoid tracking and preserve the privacy of vehicles and drivers, modern vehicular public key infrastructures provision vehicles with multiple short-term pseudonym certificates. However, provisioning a large number of pseudonym certificates can lead to enormous growth of Certificate Revocation Lists (CRLs) when those certificates are revoked. One possible approach to avoid such CRL growth is to rely on activation code (AC)-based solutions. In such solutions, vehicles are provisioned with batches of encrypted certificates, which are decrypted periodically using the ACs broadcast by the back-end system. When the system detects a revoked vehicle, it simply does not broadcast that vehicle's AC. As a result, revoked vehicles do not receive their ACs and are prevented from decrypting their certificates. Consequently, the need to add such vehicles to the CRL is eliminated. In this article, we introduce uACPC, which extends the distribution of ACs (in a privacy-preserving manner) to the unicast mode of communication. In uACPC, the back-end system distributes ACs over a unicast channel upon receiving a vehicle's direct request for its ACs. In addition, we show that uACPC can leverage the edge computing architecture for faster and timely distribution of CRLs. In particular, edge computing can bring low-latency delivery of CRLs and higher availability for the distribution of ACs.