Certificates and Certificate Authority Hierarchy
Entities that use IEEE 1609.2 security services are classified into two categories: CA entities and end entities. CA entities issue certificates and CRLs. All other entities that use IEEE 1609.2 certificates, but cannot issue certificates or CRLs, are end entities. End entities include vehicles, RSUs, application servers, and applications. The IEEE 1609.2 standard defines the following types of CA entities:
- Root CAs: They are trusted to issue certificates to all other CA entities and all end entities. The public keys of a root CA are trusted by end entities, and no certificates for these public keys will be required. A root CA may issue certificates to other CA entities to authorize them to issue certificates or CRLs to end entities.
- Message CAs: They issue certificates to end entities that send application messages secured with IEEE 1609.2.
- WAVE service advertisements (WSA) CAs: They issue certificates to end entities that send WSA. An end entity uses WSAs to tell other end entities what WAVE services it provides.
- CRL Signers: They are CA entities that are authorized to issue CRLs, but cannot issue certificates.
[Figure: The CA hierarchy defined in IEEE 1609.2.]
IEEE 1609.2 defines three types of end entities: Identified, Identified Not Localized, and WSA Signers. The Identified and the Identified Not Localized end entities are entities that send application messages secured with IEEE 1609.2 security services. These end entities obtain their certificates from the Message CAs. WSA Signers are end entities that send signed WSAs. WSA Signers obtain their certificates from the WSA CAs. All end entities obtain CRLs from the CRL Signer.
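The issuance rules described above, written as a path check. This is an added example, not code from the IEEE 1609.2 standard or any implementation: it models only the issuer and subject type constraints listed in this section, and the type strings, entity names and `check_chain` function are hypothetical. Signature verification is left out.

```python
# Added illustration: encodes only the issuance rules stated in the text above.
ROOT, MSG_CA, WSA_CA, CRL_SIGNER = "root_ca", "message_ca", "wsa_ca", "crl_signer"
IDENTIFIED, IDENT_NL, WSA_SIGNER = "identified", "identified_not_localized", "wsa_signer"
END_ENTITIES = {IDENTIFIED, IDENT_NL, WSA_SIGNER}

# Which subject types each CA entity type may certify, per the list above.
MAY_ISSUE = {
    ROOT: {MSG_CA, WSA_CA, CRL_SIGNER} | END_ENTITIES,
    MSG_CA: {IDENTIFIED, IDENT_NL},
    WSA_CA: {WSA_SIGNER},
    CRL_SIGNER: set(),  # may sign CRLs, never certificates
}

def check_chain(chain, trusted_roots):
    """Check issuer authorization along a certificate chain.

    chain: list of (subject, subject_type, issuer) tuples, leaf first.
    trusted_roots: names of root CAs whose keys are trusted without a certificate.
    Returns (ok, reason).
    """
    if not chain:
        return False, "empty chain"
    validated = {name: ROOT for name in trusted_roots}
    for subject, subject_type, issuer in reversed(chain):  # top of chain first
        issuer_type = validated.get(issuer)
        if issuer_type is None:
            return False, f"{issuer} is not a trusted root or validated issuer"
        # End entities are absent from MAY_ISSUE, so they can never act as issuers.
        if subject_type not in MAY_ISSUE.get(issuer_type, set()):
            return False, f"{issuer_type} may not issue to {subject_type}"
        validated[subject] = subject_type
    return True, "ok"

# Constructed sample chains (all names are hypothetical).
GOOD = [("veh-1", IDENTIFIED, "msgca-1"), ("msgca-1", MSG_CA, "root-1")]
WRONG_CA = [("rsu-1", WSA_SIGNER, "msgca-1"), ("msgca-1", MSG_CA, "root-1")]
CRL_AS_CA = [("veh-1", IDENTIFIED, "crl-1"), ("crl-1", CRL_SIGNER, "root-1")]
ROGUE = [("veh-1", IDENTIFIED, "msgca-x"), ("msgca-x", MSG_CA, "root-x")]

if __name__ == "__main__":
    for label, chain in [("good", GOOD), ("wrong CA", WRONG_CA),
                         ("CRL signer as CA", CRL_AS_CA), ("untrusted root", ROGUE)]:
        print(label, check_chain(chain, {"root-1"}))
```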
The IEEE 1609.2 standard classifies messages into two basic categories: certificate management messages and application messages. Certificate management messages are the messages sent between end entities (e.g., vehicles) and CA entities to support certificate management functions, such as vehicles acquiring certificates and CRLs from the CA. Application messages are the messages sent by the applications, such as vehicle safety applications, that run on a vehicle or other WAVE devices.
Each end entity uses separate sets of certificates to process certificate management messages and application messages. The certificates used to process certificate management messages are called security management certificates. The certificates used to process application messages are called communications certificates.
Communication between an end entity and a CA requires mutual authentication. The mutual authentication process requires two types of security management certificates:
1. A Certificate Signing Request (CSR) certificate used by the end entity to authenticate to the CA
2. A CA certificate used by the CA to authenticate to the end entity.
The Identified and the Identified Not Localized end entities use Message CSR certificates to authenticate to the Message CAs. That is, they use Message CSR certificates to sign the Message Certificate Signer Request (CSR) messages they send to the Message CAs to request certificates. The WSA Signers use WSA CSR certificates to authenticate to the WSA CAs.
A certificate contains, implicitly or explicitly, at least one public key for a public key cryptosystem, and a list of the permissions associated with that public key. The permissions specify what the private-public key pair associated with this certificate can be used for.
Formats for Public Key, Signature, Certificate, and CRL
This section describes the data structures defined in the IEEE 1609.2 standard for public keys, digital signatures, certificates, and CRLs.
Public Key Formats
The IEEE 1609.2 standard uses the Elliptic Curve Digital Signature Algorithm (ECDSA) for digital signatures and the Elliptic Curve Integrated Encryption Scheme (ECIES) for public key encryption. In both ECDSA and ECIES, a public key is a point on an elliptic curve and can be represented by the x- and y-coordinates of that point. The IEEE 1609.2 standard defines a public key format that can encode either an ECDSA or an ECIES public key. The algorithm field indicates which public key algorithm the public key should be used with. The current IEEE 1609.2 standard supports the following public key algorithms:
- ECDSA over two elliptic curves defined by the National Institute of Standards and Technology (NIST) over prime fields: the P224 curve for 112-bit security strength and the P256 curve for 128-bit security strength
- ECIES over the P256 elliptic curve defined by NIST.