September 25, 2012
Initial Deployment Model
Security Credential Management System (SCMS)
• SCMS structure with:
  • Certificate Authority (CA)
  • Registration Authority (RA)
  • 2 Linkage Authorities (LAs)
  • Preliminary Misbehavior Authority, etc.
• Capability to generate and provide certificates valid for use for three (3) years from initial deployment
  • Option 1: reusable, non-overlapping, 5-minute certificates valid for 3 years
  • Option 2: reusable, overlapping certificates valid for 1 week for each week for 3 years
Communications between OBE & SCMS
• Communications required after 3 years for:
  • New certificate request
  • Certificate Revocation List
  • Misbehavior reporting
• Also possible more frequently, if supported by opt-in connections
On-Board Elements (OBE)
• OBE requirements:
  • FIPS 140 Level 2 or equivalent security processor
  • Encrypted storage of certificates on-board
  • Capability to:
    • Option 1: initially load 3000 non-overlapping certificates, re-use for 3 years, 5 minute duration each use – 300 kB certificate storage
    • Option 2: initially load 7 - 40 overlapping certificates per week, sufficient for 3 years (~6000), re-use during week if necessary, change at OEM discretion – max. 600 kB certificate storage
• OBE requirements are technically feasible
• Security portion < 20% of total OBE cost
• Connectivity not required for the first 3 years
• SCMS risk mitigation techniques are well-known from similar implementations