We propose a novel mechanism for excluding misbehaving participants from a vehicular ad-hoc network (V2X system) that does not require resolution of pseudonyms. Our approach enables a revocation authority to exclude the sender of a given message from pseudonymous communication without resolving (or otherwise learning) his long-term identity. This is achieved by broadcasting (or geocasting) a request for self-revocation to which only the holder of the pseudonym in question will respond by revoking all relevant pseudonyms. Compliance to the request is enforced by a trusted component in each vehicle that ensures the integrity and correct operation of its V2X on-board unit. With our revocation mechanism the deployment of privacy-friendly pseudonym schemes that do not implement pseudonym resolution becomes practical.
展开▼