{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"institution":[{"id":[{"id":"https:\/\/ror.org\/03mb6wj31","id-type":"ROR","asserted-by":"publisher"},{"id":"https:\/\/www.isni.org\/000000041937028X","id-type":"ISNI","asserted-by":"publisher"},{"id":"https:\/\/www.wikidata.org\/entity\/Q1640731","id-type":"wikidata","asserted-by":"publisher"}],"name":"Universitat Polit\u00e8cnica de Catalunya","acronym":["UPC"]}],"indexed":{"date-parts":[[2026,3,19]],"date-time":"2026-03-19T11:27:34Z","timestamp":1773919654552,"version":"3.50.1"},"reference-count":0,"publisher":"Universitat Polit\u00e8cnica de Catalunya","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"abstract":"<jats:p>Vehicular ad hoc networks (VANETs) are emerging as an functional technology for providing a wide range of applications to vehicles and passengers. Ensuring secure functioning is one of the prerequisites for deploying reliable VANETs. The basic solution envisioned to achieve these requirements is to use digital certificates linked to a user by a trusted third party. These certificates can then be used to sign information. Most of the existing solutions manage these certificates by means of a central Certification Authority (CA). According to IEEE 1609.2 standard, vehicular networks will rely on the public key infrastructure (PKI). In PKI, a CA issues an authentic digital certificate for each node in the network. Therefore, an efficient certificate management is crucial for the robust and reliable operation of any PKI. A critical part of any certificate-management scheme is the revocation of certificates. The distribution of certificate status information process, as well as the revocation process itself, is an open research problem for VANETs.In this thesis, firstly we analyze the revocation process itself and develop an accurate and rigorous model for certificate revocation. One of the key findings of our analysis is that the certificate revocation process is statistically self-similar. As none of the currently common formal models for revocation is able to capture the self-similar nature of real revocation data, we develop an ARFIMA model that recreates this pattern. We show that traditional mechanisms that aim to scale could benefit from this model to improve their updating strategies.Secondly, we analyze how to deploy a certificate status checking service for mobile networks and we propose a new criterion based on a risk metric to evaluate cached status data. With this metric, the PKI is able to code information about the revocation process in the standard certificate revocation lists. Thus, users can evaluate a risk function in order to estimate whether a certificate has been revoked while there is no connection to a status checking server. Moreover, we also propose a systematic methodology to build a fuzzy system that assists users in the decision making process related to certificate status checking.Thirdly, we propose two novel mechanisms for distributing and validating certificate status information (CSI) in VANET. This first mechanism is a collaborative certificate status checking mechanism based on the use based on an extended-CRL. The main advantage of this extended-CRL is that the road-side units and repository vehicles can build an efficient structure based on an authenticated hash tree to respond to status checking requests inside the VANET, saving time and bandwidth. The second mechanism aims to optimize the trade- off between the bandwidth necessary to download the CSI and the freshness of the CSI. This mechanism is based on the use of a hybrid delta-CRL scheme and Merkle hash trees, so that the risk of operating with unknown revoked certificates remains below a threshold during the validity interval of the base-CRL, and CAs have the ability to manage this risk by setting the size of the delta-CRLs. Finally, we also analyze the impact of the revocation service in the certificate prices. We model the behavior of the oligopoly of risk-averse certificate providers that issue digital certificates to clients facing iden- tical independent risks. We found the equilibrium in the Bertrand game. In this equilibrium, we proof that certificate providers that offer better revocation information are able to impose higher prices to their certificates without sacrificing market share in favor of the other oligarchs.<\/jats:p>\n                <jats:p>Las redes vehiculares ad hoc (VANETs) se est\u00e1n convirtiendo en una tecnolog\u00eda funcional para proporcionar una amplia gama de aplicaciones para veh\u00edculos y pasajeros. Garantizar un funcionamiento seguro es uno de los requisitos para el despliegue de las VANETs. Sin seguridad, los usuarios podr\u00edan ser potencialmente vulnerables a la mala conducta de los servicios prestados por la VANET. La soluci\u00f3n b\u00e1sica prevista para lograr estos requisitos es el uso de certificados digitales gestionados a trav\u00e9s de una autoridad de certificaci\u00f3n (CA). De acuerdo con la norma IEEE 1609.2, las redes vehiculares depender\u00e1n de la infraestructura de clave p\u00fablica (PKI). Sin embargo, el proceso de distribuci\u00f3n del estado de los certificados, as\u00ed como el propio proceso de revocaci\u00f3n, es un problema abierto para VANETs.En esta tesis, en primer lugar se analiza el proceso de revocaci\u00f3n y se desarrolla un modelo preciso y riguroso que modela este proceso conluyendo que el proceso de revocaci\u00f3n de certificados es estad\u00edsticamente auto-similar. Como ninguno de los modelos formales actuales para la revocaci\u00f3n es capaz de capturar la naturaleza auto-similar de los datos de revocaci\u00f3n, desarrollamos un modelo ARFIMA que recrea este patr\u00f3n. Mostramos que ignorar la auto-similitud del proceso de revocaci\u00f3n lleva a estrategias de emisi\u00f3n de datos de revocaci\u00f3n ineficientes. El modelo propuesto permite generar trazas de revocaci\u00f3n sint\u00e9ticas con las cuales los esquemas de revocaci\u00f3n actuales pueden ser mejorados mediante la definici\u00f3n de pol\u00edticas de emisi\u00f3n de datos de revocaci\u00f3n m\u00e1s precisas. En segundo lugar, se analiza la forma de implementar un mecanismo de emisi\u00f3n de datos de estado de los certificados para redes m\u00f3viles y se propone un nuevo criterio basado en una medida del riesgo para evaluar los datos de revocaci\u00f3n almacenados en la cach\u00e9. Con esta medida, la PKI es capaz de codificar la informaci\u00f3n sobre el proceso de revocaci\u00f3n en las listas de revocaci\u00f3n. As\u00ed, los usuarios pueden estimar en funci\u00f3n del riesgo si un certificado se ha revocado mientras no hay conexi\u00f3n a un servidor de control de estado. Por otra parte, tambi\u00e9n se propone una metodolog\u00eda sistem\u00e1tica para construir un sistema difuso que ayuda a los usuarios en el proceso de toma de decisiones relacionado con la comprobaci\u00f3n de estado de certificados.En tercer lugar, se proponen dos nuevos mecanismos para la distribuci\u00f3n y validaci\u00f3n de datos de estado de certificados en VANETs. El primer mecanismo est\u00e1 basado en el uso en una extensi\u00f3n de las listas estandares de revocaci\u00f3n. La principal ventaja de esta extensi\u00f3n es que las unidades al borde de la carretera y los veh\u00edculos repositorio pueden construir una estructura eficiente sobre la base de un \u00e1rbol de hash autenticado para responder a las peticiones de estado de certificados. El segundo mecanismo tiene como objetivo optimizar el equilibrio entre el ancho de banda necesario para descargar los datos de revocaci\u00f3n y la frescura de los mismos. Este mecanismo se basa en el uso de un esquema h\u00edbrido de \u00e1rboles de Merkle y delta-CRLs, de modo que el riesgo de operar con certificados revocados desconocidos permanece por debajo de un umbral durante el intervalo de validez de la CRL base, y la CA tiene la capacidad de gestionar este riesgo mediante el ajuste del tama\u00f1o de las delta-CRL. Para cada uno de estos mecanismos, llevamos a cabo el an\u00e1lisis de la seguridad y la evaluaci\u00f3n del desempe\u00f1o para demostrar la seguridad y eficiencia de las acciones que se emprenden.<\/jats:p>","DOI":"10.5821\/dissertation-2117-95623","type":"dissertation","created":{"date-parts":[[2023,9,16]],"date-time":"2023-09-16T01:30:40Z","timestamp":1694827840000},"approved":{"date-parts":[[2013,9,4]]},"source":"Crossref","is-referenced-by-count":0,"title":["Certificate status information distribution and validation in vehicular networks"],"prefix":"10.5821","author":[{"sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Carlos","family":"Hern\u00e1ndez Ga\u00f1\u00e1n","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"3865","container-title":[],"original-title":[],"deposited":{"date-parts":[[2026,3,19]],"date-time":"2026-03-19T06:34:39Z","timestamp":1773902079000},"score":1,"resource":{"primary":{"URL":"https:\/\/hdl.handle.net\/2117\/95623"}},"subtitle":[],"editor":[{"given":"Jos\u00e9 Luis","family":"Mu\u00f1oz Tapia","sequence":"first","affiliation":[],"role":[{"role":"editor","vocabulary":"crossref"}]},{"given":"Jos\u00e9 L.","family":"Esparza Mart\u00edn","sequence":"additional","affiliation":[],"role":[{"role":"editor","vocabulary":"crossref"}]}],"short-title":[],"issued":{"date-parts":[[null]]},"references-count":0,"URL":"https:\/\/doi.org\/10.5821\/dissertation-2117-95623","relation":{},"subject":[]}}