In an earlier blog, I discussed the many safety benefits of vehicle-to-vehicle (V2V) communications, which are estimated by the U.S. Department of Transportation (DOT) to prevent 80 percent of accidents involving unimpaired drivers. V2V communication works by sending basic safety messages (BSMs) between cars. These BSMs are not encrypted, to keep performance high, but they are signed with a certificate to ensure authenticity.
However, the transmission of these certificates could also lead to an invasion of privacy. Such privacy concerns include:
- Tracking – A 2009 Palo Alto Research Center (PARC) study showed that 5 percent of Americans (more than 15 million people) could be uniquely identified by knowing just the pairing of their home and work areas. By tracking the V2V certificates, this information could potentially be gathered.
- Traffic Enforcement – There’s growing concern that police could automatically issue tickets for speeding and other infractions based on the tracking of V2V messages.
- Taxes – What would happen if the IRS could disable vehicles through V2V because of unpaid taxes?
- Solicitation – Would drivers be subject to unwanted advertising on their GPS displays based on their geographic locations through V2V communications?
Fortunately, the DOT seems to understand that if people think the system is being used to track them, there will be a public backlash and the V2V program will fail. The public needs to understand the steps currently being taken to ensure their safety, security, and privacy.
Those steps are:
- Protecting PII – Vehicles won’t transmit any personally identifiable information (PII), such as names, license numbers, VINs, or plate info, within the basic safety messages.
- Rotating certificates – Each car uses at least 20 certificates per week, rotating them so one certificate can’t be used to track a person or vehicle, protecting against the home/work pairings found in the PARC study.
- Issuing new certificates – Each week, 20 new certificates are taken from storage and old ones are no longer used.
- Anonymity – When new certificates are needed, there are separate certificate authorities for receiving, creating, and issuing the certificates, so that each authority doesn’t know the certificate details for any vehicle. This also prevents insider attacks, since no one authority has access to the complete information.
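The two rotation rules above (at least 20 certificates per week, and none carried into the next week) can be checked against BSMs captured from a test vehicle. The following is an added example, not code from the DOT or any V2V implementation; the log format, the certificate ids, and the use of ISO weeks as the week boundary are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

MIN_CERTS_PER_WEEK = 20  # from the post: at least 20 certificates per week


def parse(line):
    """Turn a constructed log line '<ISO timestamp> cert=<id>' into (week, id)."""
    stamp, field = line.split()
    year, week, _ = datetime.fromisoformat(stamp).isocalendar()
    return (year, week), field.split("=", 1)[1]


def audit_rotation(lines):
    """Check one vehicle's captured BSM certificate ids against the two
    rotation rules in the post. Week boundaries are assumed to be ISO weeks."""
    certs_by_week = defaultdict(set)
    weeks_by_cert = defaultdict(set)
    for line in lines:
        week, cert = parse(line)
        certs_by_week[week].add(cert)
        weeks_by_cert[cert].add(week)

    findings = []
    for week, certs in sorted(certs_by_week.items()):
        if len(certs) < MIN_CERTS_PER_WEEK:      # pool too small to rotate
            findings.append(("too-few-certs", week, len(certs)))
    for cert, weeks in sorted(weeks_by_cert.items()):
        if len(weeks) > 1:                       # old certificate still in use
            findings.append(("reused-across-weeks", cert, sorted(weeks)))
    return findings


def week_of_lines(monday, ids):
    """Constructed sample data: one sighting per id on the given Monday."""
    return [f"{monday}T08:{i:02d}:00 cert={c}" for i, c in enumerate(ids)]


# Constructed logs, not real captures.
GOOD = (week_of_lines("2024-03-04", [f"w10-{i:02d}" for i in range(20)])
        + week_of_lines("2024-03-11", [f"w11-{i:02d}" for i in range(20)]))
BAD = (week_of_lines("2024-03-04", ["a", "b", "c"])
       + week_of_lines("2024-03-11", ["a"] + [f"n{i:02d}" for i in range(19)]))

if __name__ == "__main__":
    print(audit_rotation(GOOD))
    for finding in audit_rotation(BAD):
        print(finding)
```

An empty result means both rules held for every week in the capture; each finding names the week or certificate id that broke a rule.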
Clearly, steps are being taken to ensure security in vehicle-to-vehicle communication. That said, the V2V communications application is still so new, and there are still so many unexplored possibilities, that it’s only human to be a bit paranoid about personal privacy. A healthy dose of paranoia will put pressure on the implementers to safeguard your privacy. In reality, the best thing you can do is stay informed and let automakers and lawmakers know you care about protecting your privacy.
For the past two years, Gene Carter has been the Director of Product Management for the Embedded Security Business Unit at Security Innovation. Carter has spent the past 20 years in embedded and automotive product management roles for NXP Semiconductors, Philips Semiconductors, and Coto Technology. He holds an MBA from the University of Southern California’s Marshall School of Business and a BSc in Electrical Engineering from Tufts University.