Analysis and improvement of certificate revocation schemes in V2X communication systems
V2X (vehicle-to-anything) communication systems have the potential to reduce the number of road accidents and traffic jams. However, to be accepted in practice, V2X communications must be secure and they should also preserve the privacy of users as much as possible. Current V2X standards address these issues by requiring V2X messages to be digitally signed and signature verification keys to be authenticated by a vehicular PKI (public key infrastructure). To provide some privacy guarantees, vehicles use two types of keys: long-term keys that identify them uniquely and short-term pseudonymous keys. The long-term key is used to acquire batches of short-term pseudonymous keys, which are then used to sign V2X messages. In this way, individual messages can be verified to be legitimate, but they do not directly reveal the identity of their sender.
This project is concerned with the problem of revoking keys in V2X communication systems, which should happen when they are compromised or when a vehicle using them is misbehaving. Revocation is a difficult problem and it is addressed by different approaches in the literature. The goal of this project is to understand these approaches, to compare them, and to propose some improvements, if possible.
The specific tasks of the student include the following:
- Overview of the literature on revocation in V2X communication systems and identifying 2-3 promising approaches;
- Definition of attacker models relevant for compromising keys of different types;
- Identifying meaningful performance metrics for revocation schemes (e.g., time needed for revocation information to reach relying parties, number of erroneously accepted messages due to revocation information not being delivered in time, etc.);
- Setting up a traffic simulation framework (e.g., SUMO) for realistic modelling of vehicle movement and interaction;
- Analysis and comparison of the identified revocation schemes with respect to the identified performance metrics using the established simulation framework;
- Evaluation of simulation results and identifying possible improvements to existing revocation schemes.
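
The two example metrics named in the task list (time for revocation information to reach relying parties, and messages erroneously accepted because it arrived late) can be computed from a simulation trace as sketched below. This is an added example, not part of the project description; the trace format, the function name and all sample values are constructed assumptions, and a message counts as accepted whenever the receiver has not yet learned that the signing pseudonym was revoked.

```python
from dataclasses import dataclass
from statistics import median

@dataclass(frozen=True)
class Msg:
    t: float         # reception time in seconds
    receiver: str    # relying vehicle that verifies the signature
    pseudonym: str   # id of the short-term certificate that signed the message

def revocation_metrics(revoked_at, crl_delivery, messages):
    """revoked_at:   {pseudonym: time the PKI revoked it}
    crl_delivery: {(receiver, pseudonym): time the receiver learned of it}"""
    receivers = {m.receiver for m in messages} | {r for r, _ in crl_delivery}
    latencies, unreached = [], 0
    for pseudonym, t_rev in revoked_at.items():
        for r in receivers:
            t_known = crl_delivery.get((r, pseudonym))
            if t_known is None:
                unreached += 1          # revocation info never arrived
            else:
                latencies.append(t_known - t_rev)
    erroneous = 0
    for m in messages:
        t_rev = revoked_at.get(m.pseudonym)
        if t_rev is None or m.t < t_rev:
            continue                    # signer was still valid at reception
        # A receiver that was never reached keeps accepting indefinitely.
        t_known = crl_delivery.get((m.receiver, m.pseudonym), float("inf"))
        if m.t < t_known:
            erroneous += 1
    return {
        "median_latency": median(latencies) if latencies else None,
        "max_latency": max(latencies) if latencies else None,
        "unreached": unreached,
        "erroneously_accepted": erroneous,
    }

# Constructed sample trace: pseudonym P7 is revoked at t=100 s.
REVOKED_AT = {"P7": 100.0}
CRL_DELIVERY = {("A", "P7"): 102.0, ("B", "P7"): 130.0}  # C is never reached
MESSAGES = [
    Msg(95.0, "A", "P7"),   # before revocation: legitimately accepted
    Msg(101.0, "A", "P7"),  # revoked, A not yet informed: erroneous
    Msg(103.0, "A", "P7"),  # A informed: rejected
    Msg(110.0, "B", "P7"),  # erroneous
    Msg(129.0, "B", "P7"),  # erroneous
    Msg(131.0, "B", "P7"),  # rejected
    Msg(140.0, "C", "P7"),  # C never informed: erroneous
    Msg(105.0, "A", "P3"),  # P3 was never revoked
]

if __name__ == "__main__":
    print(revocation_metrics(REVOKED_AT, CRL_DELIVERY, MESSAGES))
```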