‹#›
September
25, 2012
Full Deployment Model
Security Credential Management System (SCMS)
•SCMS structure with:
•Certificate
Authority (CA)
•Registration
Authority (RA)
•2
Linkage Authorities (LAs)
•Misbehavior
Authority, etc.
•Capability to generate and provide certificates valid for use for <3 years from certificate request:
•Option 1: re-useable, non-overlapping, 5 minute certificates
valid for <3 years
•Option 2: re-useable, overlapping certificates valid for 1 week for each week for <3
years
Communications between OBE & SCMS
•Communications required for:
•New certificate
request
•Certificate
Revocation List
•Misbehavior
reports
•Connectivity required:
•Likely more frequently than every 3 years
•Depends
upon:
•number of
attackers
•magnitude of
the attacks
•Difficult to estimate without actual operational experience
On-Board Elements (OBE)
•OBE requirements:
•FIPS 140 Level 2 or equivalent security processor
•Encrypted storage of certificates on-board
•Capability to:
•Option 1: request and load 3000 non-overlapping certificates, re-use for < 3 years, 5 minute duration each use – 300kB certificate
storage
•Option 2: request and load 7 - 80 overlapping certificates per week, sufficient for <3 years (~6000), re-use during week if necessary, change
at OEM discretion – max. 600kB
certificate storage
•Graceful evolution
from initial deployment model
•OBE full deployment requirements
supported by initial deployment vehicles
•Connectivity options,
both default and opt-in, must expand by full deployment