Our team began to observe the world through "PKI glasses" around 5 years ago. Since then, our industry has gone through an EU-wide regulation, a major part of European citizens can have certificate-based electronic signature creation capability, RSA algorithms have been aging and cars have started to communicate with each other in baby language... but wait, what does PKI have to do with talking cars?
Estonia is probably the most digitalized nation, having fully equipped its society with eIDs and corresponding online services. During a regional event in Tallinn, we learnt that without a smart device-based mobile ID option, the long-awaited end-to-end digital services remain a daydream, and today's necessity of the "physical eID / card reader" combination should be surpassed. Qualified remote signature solutions, now within reach, may help this evolution.
The big book of all trust service providers is facing its second edition. eIDAS can be reviewed every fourth year in light of experience and new user/market requirements. The regulation came into force in the middle of 2016, and the 177 European service providers have collected several areas for improvement at national and EU-wide levels, such as security concerns of video identification. The official work on the first eIDAS review was launched in Berlin this autumn during the Trust Services Forum.
These days, the cryptosystem most commonly used by certificate authorities is RSA. Although there is no known cracking algorithm for it yet, the relevant standards for trust service providers state that RSA used with the most common padding scheme (RSASSA-PKCS1-v1_5) will only be compliant until December 31, 2022. There are other usable padding methods, but they are not as widespread, so ECC (Elliptic Curve Cryptography) is very often present in current recommendations. This is the reason why Microsec started to replace its presently available services (e.g. timestamps) and implement new ones (e.g. V2X PKI) with ECC-based solutions.
The tectonic shifts away from the ruling technologies within the car industry are at least threefold and are happening in parallel. We have little to add on electricity-powered engines or autonomous driving capability, but the third focus is more interesting. Road infrastructure components, vehicles and other road users can achieve a safer environment, smoother traffic flow and an energy-efficient ride. New vendors are emerging on the horizon of the automotive industry to make connected cars a reality. This is the point where the industry must be prepared to save road users from a "hacker teenager" by applying a security layer. Signing and validating automatically broadcast and received messages is the domain of the vehicle-to-everything specific PKI (the V2X PKI). A formerly unimaginable number of signed messages needs to be transmitted, and GDPR-compliant anonymity/un-traceability must be ensured, together with a small enough message size. Interoperability tests under real traffic conditions, global standardization and pilot projects are taking place all over Europe, East Asia and North America.
The Microsec team keeps more than one eye on the track. In 2019 we had expert talks, participated in workgroups, joined associations and carried out tests in Europe from the North to the South. This year there was less talk about blockchain. Quantum-safe cryptography is gaining attention.
More to come in 2020. Happy New Year!