Path: EDN Asia >> News Centre >> Automotive >> Industry tackles connected car's privacy, security issues
Automotive Share print

Industry tackles connected car's privacy, security issues

02 Jul 2014  | Lars Reger

Share this page with your friends

How are privacy and security guaranteed in the digital data exchange in vehicle-to-vehicle or vehicle-to-infrastructure communication?

Although vehicle-to-vehicle and vehicle-to-infrastructure communication—collectively referred to as V2X—is perhaps not yet widely known among consumers, car manufacturers are already working on its integration. In a few years' time, the first high-end models containing this technology will be introduced to the market. Initially, the selling point of these cars will be that they can exchange information with each other and with roadside equipment.

Not all details have been worked out yet, but all parties involved agree on the overall direction. The communication protocol has already been standardised as 802.11p. However, there are still quite a few regulatory details to be defined.

Media attention for this development is growing, and articles on the subject are often concluded with a remark about privacy: yet another way that others can know of your whereabouts. And how about security issues and related malfunctions of the car?

During a meeting of the European spectrum authorities at NXP last December, it became evident that these aspects have been given a great deal of thought. This is hardly surprising, as the automotive supply chain has been working on this development for the last five years.

The chicken or egg dilemma

According to Clara Otero Perez, head of the Concept Exploration Lab at NXP, a few things are important for the security of V2X communication. The first is authentication: Is the sender who they claim to be, or in this case, is the sender trustworthy? The second is integrity, i.e., the certainty that the message has not been tampered with. The third is non-repudiation, a term from cryptography that can perhaps best be explained as "undeniability"—the sender must not be able to deny sending the message afterwards. Finally, the privacy concern of the car user must be addressed by providing anonymity (identity hiding) to prevent tracking.

The actual data does not need to be encrypted, as the whole purpose is to let the environment know what the car is doing.

The V2X security mechanism to authenticate messages is based on digital signatures, a mechanism very similar to the one used on the Internet. A few important modifications are made to correct shortcomings and make it suitable for automotive standards.

The heart of the system is public-key cryptography, in which every user uses two related numerical keys: one private key that is kept strictly secret, and a public key that may be revealed to anyone who wants to know. The trick is that the private key can only be used to encrypt a message, while the public key can only be used to decrypt it.

If a message can be decrypted using the public key, it proves that the sender has the private key. However, that only works if the sender is known; from a new sender the public key must first be obtained. And how do you know that you are dealing with the real sender?

The chicken-or-egg dilemma is solved by publishing the key via a digital certificate. A digital certificate binds a subject's identity with its public key(s) and (optional) properties. It is signed by another party—using its own set of keys—to confirm someone's public key (see text box, next page). If the recipient trusts this third party, it is safe to assume that the public key belongs to the intended sender. The third party can, of course, also be unknown, but certificates can be requested as often as it takes to find a known, trusted signatory.

So who are these trusted parties? On the Internet, these are often the certificate authorities (CAs), organisations that issue certificates, usually at a charge. Web browsers and email client software usually include standard lists with root CAs and their public keys. There are also intermediate CAs that are not on the lists, but they can all be traced back to a root CA via the certificate system.

1 • 2 Next Page Last Page

Want to more of this to be delivered to you for FREE?

Subscribe to EDN Asia alerts and receive the latest design ideas and product news in your inbox.

Got to make sure you're not a robot. Please enter the code displayed on the right.

Time to activate your subscription - it's easy!

We have sent an activate request to your registerd e-email. Simply click on the link to activate your subscription.

We're doing this to protect your privacy and ensure you successfully receive your e-mail alerts.

Add New Comment
Visitor (To avoid code verification, simply login or register with us. It is fast and free!)
*Verify code:
Tech Impact

Regional Roundup
Control this smart glass with the blink of an eye
K-Glass 2 detects users' eye movements to point the cursor to recognise computer icons or objects in the Internet, and uses winks for commands. The researchers call this interface the "i-Mouse."

GlobalFoundries extends grants to Singapore students
ARM, Tencent Games team up to improve mobile gaming

News | Products | Design Features | Regional Roundup | Tech Impact