This is a short report on interesting talks related to automotive security from the vehicular security workshop held in Toronto from 24 – 27 September this Fall, co-located with VTC Fall 2017.
The talks concentrated on general security problems in the internal architecture, such as authentication, 3rd party devices and sensor information. The second keynote talk was about PKI scalability issues for autonomous systems. Chalmers also presented a paper about the use of Differential Privacy for privacy-preserving remote access to vehicular data.
On the first day, there was the Vehicular Security workshop (VSEC): http://ecewp.ece.wpi.edu/wordpress/wireless/events/vsec-2017
Keynote 1
The first keynote speaker at VSEC, Sandip Kundu from the US National Science Foundation, provided a broad overview of the various vehicular security issues [1], and highlighted some possible solutions. The main points, in a simple “problem -> solution” format, were:
– In-vehicle networks are vulnerable -> authentication
– 3rd party devices that attach to the OBD-II port, pose security challenges -> restrict device access
– Software integrity needs to be ensured -> trusted computing base (TCB), hardware security modules (HSM), secure boot, secure firmware updates, virtualization
– Sensor data is vulnerable -> authentication, validation, redundancy
– Privacy: financial and identity theft is more lucrative than compromising safety
– Much sensitive data (personal, commercial, research) -> data storage policies, identity management
His brief conclusion was that “Security and Privacy solutions involve technology, engineering execution, policy, usability” [1].
Keynote 2
The second keynote speaker at VSEC, Brigitte Lonc from Renault, reported on recent developments on security and privacy for intelligent transport systems (ITS) [2]. She presented results from the recently concluded ISE project [3], in which they evaluated PKI scalability and performance issues, and she introduced the follow-up project Secured Cooperative Autonomous systems (SCA) [4]. For results, please refer to [2] and [3].
Differential Privacy
The first regular presentation at VSEC gave an overview how differential privacy can play a role to increase privacy in the automotive industry, and what the challenges are in using differential privacy [5].
The use of symmetric instead of asymmetric encryption for signatures in V2X communications
In the second and last regular presentation a new protocol was presented, which proposes to use symmetric instead of asymmetric encryption for signatures between vehicles and road side units. I did not understand which aspect was novel in this paper, so please refer to the paper for details [6].
For questions or access to one of the papers, feel free to contact aljoscha@chalmers.se.
References:
[1] http://ecewp.ece.wpi.edu/wordpress/wireless/files/2017/10/vsec2017_kundu_talk.pdf
[2] http://ecewp.ece.wpi.edu/wordpress/wireless/files/2017/10/vsec2017_lonc_talk.pdf
[3] http://www.irt-systemx.fr/en/project/ise/
[4] http://www.irt-systemx.fr/en/project/sca/
[5] Nelson, B. and Olovsson, T. (2017) Introducing Differential Privacy to the Automotive Domain: Opportunities and Challenges, VSEC 2017.
[6] Asl, F. R. and Samavi, R. (2017) SyNORM: Symmetric Non Repudiated Message Authentication in Vehicular Networks, VSEC 2017.
