Telematics: Making V2X back-end infrastructure secure

Telematics: Making V2X back-end infrastructure secure

Vehicle-to-infrastructure (V2X) technology is still in the testing and demonstration phases, but it’s already apparent that security is essential to the success of such systems. Back-end infrastructure security considerations are crucial to future developments.

Markus Bauer of BMW’s Active Concepts and Integrated Safety division notes that the privacy aspect of a secure V2X system is particularly important because the US Department of Transportation (DOT) is currently considering deploying V2X as a mandate. “In Europe, they’re not thinking of a mandated system at the moment, so people will opt in,” Bauer says. Users may “not be asked in the US.”

Andre Weimerskirsch, CEO and president of Escrypt, the embedded security firm that created the CAMP security framework, says a common fear about V2X is the idea of rogue messages taking control of cars—even though V2X is a long way from having that capacity. “All the safety apps today are only intended to be a warning or notification,” Weimerskirsch says, such as a red light flashing inside the car. “So there are no safety issues. It prepares the driver to react and do the right thing.” (For more on V2X, see Special report: Telematics and V2V/V2X technologies.)

The connectivity question

The first layer of V2X communication involves the vehicle-to-vehicle (V2V) aspect of the system. In the last few years, IEEE standard 1609 has been developed to manage Wireless Access in Vehicular Environments (WAVE). An SAE standard developed specifically for V2X now defines message content format. Just as laptop computers use WiFi that’s based on an IEEE standard (usually 802.11g or b), 802.11p will be used in cars for dedicated short-range communication (DSRC).

The second component is the V2X system, which could use DSRC technology or cellular network connections. Alternatively, OEMs already offering a connected service, such as OnStar or Sync, might opt to use that connection for V2X capability. “It’s not yet clear what will happen,” Weimerskirsch explains.

Many automakers are biding their time, waiting to see if the US government or some private organization will establish a set of roadside V2X communication units. Doing so will take a lot of money, and OEMs will want to be sure their cars are appropriately equipped to use whatever is put in place.

Cost of infrastructure

Precisely because of the tremendous cost of infrastructure, the US NHTSA has asked the auto industry to examine ways in which a V2X security system could be operated without infrastructure, notes Jim Wright, Connected Vehicle Manager for the American Association of State Highway and Transportation Officials (AASHTO).

“Every time we log on [to the Internet] with a laptop, we go through a security process, so there are many ways to do this,” Wright says. One current idea is to load new vehicles with a year’s worth of security certificates, which could be replenished and updated via the dealer.

In most cases, car companies favor a roadside infrastructure-based security system, according to Wright. But because state governments are already struggling with budgets, it’s not likely that they will find the money to create widespread roadside DSRC infrastructure anytime soon.

Using cellular network connectivity is another possibility, but “nobody wants to force people to have a cellular subscription to take advantage of safety equipment on their vehicles,” Wright says. “Safety is a right. You shouldn’t have to pay for it.”

This is one of the biggest remaining questions in the development of V2X. The US DOT currently has two studies under way, one examining secure communication options that don’t require infrastructure and the other exploring the organization needed to handle the security system component of V2X. (For more on DOT, see What DOT’s new distraction guidelines mean for telematics and DOT’s distraction guidelines as challenge and opportunity.)

Communication security

Just as creating communication links among moving objects requires special technology standards, making sure V2X remains a secure feature throughout the life of the vehicle requires some ingenuity.

Where onboard systems are concerned, Weimerskirsch suggests the V2X-enabling mechanism may be enclosed within the vehicle’s theft-protection system. If it’s removed from the vehicle, it will stop working. “It needs to be really interconnected to the car,” he explains.

This not only ensures that the system retrieves accurate information from sensors, but also prevents someone from taking the unit, connecting it to another computer, and using it to tamper with the V2X network.

This close integration with the vehicle’s systems may make it a challenge for aftermarket V2X system devices to work well, at least initially. But they are certainly possible, Weimerskirsch says: “The important thing is communication security, and that’s already defined.” (For more on the aftermarket, see Is there an aftermarket market for V2V telematics?)

Privacy considerations

What does change are privacy considerations. A vehicle with a certain set of apps might provide a sort of identifier of the driver, “because your car is one of just a few that has exactly that set of apps installed,” Weimerskirsch points out. These privacy issues need to be better understood, he says.

In Europe, the level of privacy offered by a particular V2X-enabled vehicle will likely be decided by carmakers. In the US, the government may decide it—if the mandate is enacted. In that case, “if you buy a car, it will just be in there. So you want to satisfy the most privacy-concerned people,” Weimerskirsch says.

This means that no identifiers would be included in data transmission. If two messages are sent from the same vehicle, they should not be linked in any way, so there’s no possibility of tracking patterns or using the data to discern the location of a particular vehicle. “That’s why we’re putting very strong levels of privacy in the technical designs,” says Weimerskirsch. “We don’t want [these issues] to even come up.”

Jessica Royer Ocken is a regular contributor to TU.

For more on V2X, see Special report: Telematics and V2V/V2X technologies.

For more on V2V/V2X technologies, join the industry’s other key players at Telematics Detroit 2012 on June 6-7 in Detroit.

For all the latest telematics trends, check out Insurance Telematics USA 2012 in September in Chicago, Telematics Brazil & LATAM 2012 on September 19-20 in Sao Paulo, Telematics Japan 2012 in October in Tokyo, Telematics Munich 2012 on October 29-30 in Munich, and Telematics for Fleet Management USA 2012 in November in Atlanta.

For exclusive telematics business analysis and insight, check out TU’s reports on In-Vehicle Smartphone Integration Report, Human Machine Interface Technologies and Smart Vehicle Technology: The Future of Insurance Telematics.

Leave a comment

Your email address will not be published. Required fields are marked *