Nowadays, the topic of self-driving cars gets a lot of attention even in everyday chit-chat. Such vehicles appear more and more frequently in several countries and developing the required technology became one of the main priorities of manufacturers. There are a lot of different opinions regarding autonomous vehicles and one kind of these simply argue the safety of them, posing questions, such as „What ensures that they will not crash into each other?” and the like. The answer is - beside many others - our beloved subject: PKI. Let’s see, how.
The main idea for autonomous vehicles in order to prevent accidents is to communicate, not just with each other, but with the surrounding traffic environment (eg. road side units) as well. This concept is called a „V2X” (Vehicle-to-everything) communication. V2X can be applied not only for security purposes, but as well for trip planning, navigation or fleet management et cetera.
During this exchange of data, the parties need to verify their permissions and they do so with the usage of certificates. This is crucial, because if a malicious party would like to interfere with (eg. hijack) the communication, without this set of security measures, it could easily do so. Verification or certification, as well as pretty much all communication listed here, uses elliptic curve cryptography (ECC), which is currently the most up-to-date and secure method to sign messages.
As this process needs certificates, it is clear that it also needs an entity to issue those; generally, in public key infrastructures, this is done by some kind of certificate authority and here is no different. In the related standards , on the top of this hierarchy there would be a RootCA, basically the whole system is built on the trust in these. The Root CA will issue certificates for two other authorities, the Enrolment Authority (EA) and the Authorization Authority (AA).
The Enrolment Authority’s main task is to authenticate the car’s On-Board Unit (OBU)’s canonical ID or certificate. If everything is in order, it issues a so-called Enrolment Credential (EC). The ECs are needed in the next step of the process, mainly by the Authorization Authority.
The need for Authorization Authorities originated from the need for anonimity when it came clear that some (eg. government organizations/secret services etc.) could have easily tracked a car’s movement by following the unique identifiers which the car would have used to communicate with. The current concept is that based on the Enrolment Credentials, the AA issues Authorization Tickets, which are pseudonymous (they cannot be linked to the ECs even) and with those, an entirely secure and untraceable flow of message can be sent to the surrounding environment.
Microsec Ltd. also takes part in developing PKI solutions to secure V2X communications. Recently two of the company’s developers (Szilveszter Tóth and Roland Kraudy) attended a V2X plugtest in Sophia Antipolis, France which will be followed by another one in Málaga, Spain.
© 2019 Microsec ltd. | Company registration number: 01-10-047218 | Tax number: 23584497-2-41