Leimig, D. (2019):
Expiration and Revocation within the Certificate-Lifecycle-Management of BMW-Group-PKI
Certificates are used to secure the communication between software instances, such as a browser communicating with a website or two applications running on different servers. Most of these certificates are issued by a Certificate Authority (CA) of a Public Key Infrastructure (PKI) and have a validity lifetime and a revocation status. An invalid certificate, e.g., an expired or revoked one, can cause a connection to be refused and make a service unavailable. Certificate Lifecycle Management (CLM) comprises actions like issuing, enrolling, invalidating, and reissuing certificates. After analyzing the specific requirements for the BMW vehicle PKI and evaluating available CLM software on the market, this thesis introduces a concept for a customized CLM for BMW with a focus on certificate expiration. Additionally, a possible future challenge for this PKI, Vehicle-to-everything (V2X) communication, is investigated in the context of identity-based cryptography (IBC) with regard to invalidation. V2X defines the communication of vehicles with the traffic infrastructure around them, e.g., another vehicle or a traffic light. IBC uses a publicly known string, e.g., an email address, as the public key instead of generating the public key from the private key. Current approaches to securing V2X communication rely on PKIs and thus suffer from similar problems regarding invalidation as current PKIs. Therefore, using identity-based cryptography instead of a PKI in the context of V2X is investigated to find benefits regarding invalidation. The result is that, with identity-based cryptography, monitoring of individual expiration times of entities and verifying the certificate chain for expiration and revocation are not needed.