Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (20)
Ähnlich wie Connected vehicles
Ähnlich wie Connected vehicles (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Connected vehicles
- 1. Privacy and the Car of the Future Consideration for the coming connected vehicle
- 2. whoami • BSEE, digital communications • Many years as a network engineer • Santa Clara University Law student • Research assistant providing technical expertise on privacy audits and reviews • Contracted by auto consortium to review privacy of proposed vehicle to vehicle safety network
- 3. Standard Disclaimer IANAL (Yet) But if you know anyone looking for summer interns....
- 4. Non-Standard Disclaimer A current NDA covers some of my work here (but not very much) The focus will be on published information and standards.
- 5. What is This Project? • DSRC: Dedicated Short Range Communications • (Where “short” == 380m) • Vehicle to Vehicle • Vehicle to infrastructure in Europe - Not having to wait for a light on an empty street again. - Better traffic planning for better cities and roadways.
- 6. Why is It being Developed? Safety Photo Credit: Jason Edward Scott Bain
- 7. Non-trivial Impact on Auto Deaths • World Health Organization estimates 25% of vehicle deaths each year can be prevented. • Fatigue and distracted driving accidents reduced. • Blind Corners, fog and limited visibility accidents reduced. Photo: Public Domain
- 8. Will This really Happen? IT ALREADY IS
- 9. How Soon? • Hardware is already being shipped. • Software issues still entirely in the air • More is being done in software these days. • The US Dept. of Transportation is considering mandating this for all new cars. (Decision to come later this year.) • Has already deployed in trucks in Europe
- 10. What is DSRC • Basic safety messages sent out every 1/10 seconds. • All message carry a standard glob: values for pre-defined vehicle trajectory and operational data. • Cars process data and warn driver. • Equipment integrated into vehicle Photo Credit: US Dept. of Transportation
- 11. Photo Credit: NIST AfterMarket Installation A little cumbersome
- 12. What DSRC is not • CANbus • OnStar (or any other remote service) • (Direct) support for autonomous driving mechanisms. Photo Credit: US Dept. of Transportation
- 14. Radio protocol • 5.9GHz reserved in US and Europe • Signaling standard: IEEE 802.11p / 1609.4 / 1609.3 • Channels reserved for specific functions • No source address for vehicles defined by protocol • Recommendations include using certificates • Privacy challenges at each layer Photo Credit: NASA
- 15. Basic Safety Message • Standard: SAE J2735 • ~50 fixed data elements • “only” interface to radio (on this band)
- 16. Parameters for effectiveness • Density • Benefit derived from other vehicles’ use • Greater usage means greater effectiveness • Confidence • Most messages must be trustworthy • People must trust information broadcast
- 17. Validity? • All messages are cryptographically signed • Signing certificates issued by central authority • Issued based on system fingerprint • Revocation for “malfunctioning” Image source: US Dept. of Transportation equipment • System should invalidate itself if internal checks fail
- 18. Certificates • Limited time use to prevent tracking • Reused? • Periodically refreshed (and malefactors reported) • How often? • Permanent blacklist
- 19. Privacy?
- 20. MAC Layer • Changeable source (for vehicles) / no destination • Unrouteable! (mostly) • No significant privacy concern as is. • Any algorithm to make network routeable will make vehicles trackable.
- 21. BSM • “Temporary” ID could become persistent with bad app • Open source apps suggested for processing and acting on message data • Is this the only thing the unit will transmit?
- 22. Certificates • Identity/Validity conflict • Solution: constantly changing certificates • Revocation by fingerprint • Issuing authority?
- 23. Fingerprints • “No” correspondence between fingerprint and car • “hard coded” into device • If revoked, entire unit must be replaced to function Photo Credit: NIST
- 24. Certificate Delivery • Haven’t figured out how certificates are delivered to vehicle • Proposals include cellular, wifi, infrastructure links • So many opportunities for failure
- 25. Worrisome Noise • Manufacturers want to use this system for commercial apps • Advertising and other “funding” schemes to pay for CA • Fixed infrastructure potentially operated by data brokers
- 26. Problem: Law Enforcement • What can they do with this? • Correlate location, speed to independent identification? (cameras?) Photo Credit: Alex E. Proimos
- 27. What you Can Do • Hack the radios • Commercially available now • Hack the protocols • Become politically engaged • Most decisions are not being made by elected officials • Help find a way to fund the infrastructure without selling out!
- 28. Thank you
- 29. Acknowledgements • Professor Dorothy Glancy, who requested my help on this project • DC 650 (especially Charles Blas) who gave me a reality check with current security and privacy capabilities
- 30. Contact • Christie Dudley • @longobord • c.dudley@ieee.org
Hinweis der Redaktion
- Current law student. Privacy professor needed help
- should not matter But I’m working on that whole “lawyer” thing.
- little information to complete the audit. can talk about most published standards
- DSRC is a series of protocols. Has changed over the years of development. Black Hat talk: protocols are no longer relevant
- collision early warning system. - prevent accidents. - Save lives NHTSA “ distracted ” 2009 (US) stats: Almost 5,000 deaths, est 448,000 injuries Not including other inattention involving physical/emotional state of driver
- Good Work - want it to happen . Anecdote: driving in pouring rain too afraid to slow down, too afraid not to.
- Large scale testing in Ann Arbor Michigan started last August. Auto makers have already invested heavily in this technology. A few startups here in Silicon Valley to implement this.
- American government won’t spend money on infrastructure May be related to “black box” recent US mandate. Trucks have no privacy concerns as they are commercial vehicles.
- A system of protocols Not like asn.1 - not data pairs - Map of data
- Designed claimed as a “sealed” system, with sensor integrity and accuracy checks.
- Automakers lesson from CANbus: insecurity caused no real problems No new tech to mech tech - needs human intervention. “ sealed” sensor system with integrity checks.
- HOW it works
- Japan doesn’t have the same spectrum available ETSI and FCC approved operating parameters (Biggest difference: US allows more power.) 33 vs 44.7 dBm
- Minimum requirement for system. Additional protocols considered in Europe. illustrates general and some specific fields data = whatever’s useful in avoiding collisions
- More use = more effective People must trust the system Not just received, but what is sent about them Privacy is important or people will disable it Technological trust is better than laws
- Signature and certificate management - on radio Sensor validation (beyond scope here)
- Still not nailed down Ann Arbor test: came pre-loaded
- This is where we start talking about the FUD
- Already pressure for other apps - that need routing. Tension between routing and identifiability
- F/OSS Apps kind of neat. Closer to autonomy... Fun: someone in blind spot: “I wouldn’t do that, Dave” - give your vehicle too much power? This is too neat a toy to not use for other things.
- Permanent Blacklist? - may not be problem as internet - must replace entire blacklisted unit.
- Another problem for anonymity Many schemes to deal with this. Current solution is “no paper trail” We already have certain mistrust of CAs
- IEEE 1609 family beyond scope, won’t work - raises many more privacy concerns By the way 9 data brokers took the 5th before Congress in 2006 when asked to reveal the sources of their data.
- Tracking, ticketing, whatever else they may want to do.
- Fund certificate authority - funding has power.