Consumers are becoming increasingly aware of the privacy and security aspects of their digital lives. Vehicle-to-vehicle or vehicle-to-infrastructure communication is yet another form of digital data exchange. How are privacy and security guaranteed?
A message does not actually need to be encrypted for authentication purposes: A signature is sufficient. In addition to the message, a hash (a digital fingerprint) of the message is sent that is encrypted using the sender's private key. The recipient can decrypt the hash using the public key. If the result matches the hash that he generates, he will know that the sender has the private key and the message has not been altered.
This system makes it possible to secure every connection by using a limited number of CAs. One advantage is that everything published in the chain is public information, which is available to everyone. The information that must be kept secret -- the private keys -- never needs to be sent.
A thousand or so
A similar system is to be used for the V2X communication: As with the Internet, vehicles will have to send messages with certificates that can be traced back through a chain to a root CA. "There will be quite a few less than on the Internet, only about four or five -- for example, the European Union and the US and a few others. On the Internet there are so many root-CAs that the chance of a leak is quite considerable," says Otero Perez.
All cars will be equipped with a secure element, a secure microcontroller that generates the sets of keys and processes the security aspects of the messaging process. The private keys therefore all have to be stored on this chip. What's more important, they are only stored on this chip; as with the Internet, all secret information is locally contained.
And also, as with the Internet, cars will be provided with a list of root-CAs -- albeit a somewhat shorter one. But unlike the Internet, it is difficult for a car to download a certificate from an intermediate CA. That is why vehicles will from time to time have to send certificates of their intermediate CAs in the message flow.
The nice thing is that in addition to the public key, extra information can be added to the certificates. The certificate for ambulances, for example, states that they can indicate when there is an emergency, so that the traffic can take anticipatory action.
But how about the privacy aspect? It is estimated that cars will be sending messages continuously, up to 20 messages per second, which are available for anyone to read, and can all be traced back to a unique public key. To solve this, a system of pseudo-certificates has been devised: Instead of one set of keys, the car will be provided with a large number of keys and associated certificates during rollout. For communication with other road users only these pseudo-certificates will be used.
"The details still have to be worked out," says Otero Perez, "but the idea is to generate a thousand or so of them. This way you can keep using different certificates whilst knowing that the sender is trustworthy."
Chain of trust
A certificate sent by a car is preceded by a process that starts during manufacture of the vehicle. Although many details still need to be worked out, especially regarding who is going to take on which role, it is clear what the procedure will be. The car generates its first set of keys in the plant: the module-identity key (M). This will be the unique code during its lifetime. The car manufacturer stores the public half of the set in its database. When the car is finished, a second set of keys is generated: the long-term identity key (L). This will serve as the vehicle's identification for many years.
For the long-term key, authenticated by the module key, a certificate is requested from the long-term certificate authority (LTCA). With this, certificates can subsequently be requested from a (legally independent) pseudo certificate authority (PCA) for a large number of pseudo keys (P) that cannot be traced back to, for example, the long-term identity key or the license number. These certificates are eventually used for signing the V2X communication. Once every so often the pseudo-certificates are renewed, so that it is very difficult to make a profile of a particular vehicle using sent messages.
— Lars Reger is Vice President Strategy, New Business and R&D, for the Automotive business unit at NXP.