The United States National Highway Traffic Safety Administration (NHTSA) is planning to create an official standard for Vehicle-to-Vehicle (V2V) communications and the agency recently published an Advance Notice of Proposed Rulemaking (ANPRM) on V2V—effectively a notice that the standard, and a requirement to implement it, are on the way—along with a progress report on the development of this new technology.
Why is the US government getting involved in creating new technology standards? It doesn’t believe that the market would agree on a standard itself in a timely fashion if left to its own devices. “NHTSA believes that no single manufacturer would have the incentive to build vehicles able to ‘talk’ to other vehicles, if there are no other vehicles to talk to—leading to likely market failure without the creation of a mandate to induce collective action,” it said.
Safety and the connected vehicle
V2V communications is just one element in the development of the “connected vehicle”. After several decades of car design largely focusing on improving existing paradigms, automobile makers and regulators are now exploring the integration of a range of new technologies into tomorrow’s vehicles.
One of the core roles of the NHTSA is reducing the number of road accidents in the US, and it believes that implementing this new technology could help prevent up to half a million automobile accidents a year and save more than 1,000 lives.
The proposed standards do not prescribe what kind of applications car manufacturers must develop for vehicles using the technology. Instead, the NHTSA has focused on creating a common communications system that will allow vehicles from all manufacturers to communicate with one another.
Despite not mandating any applications, the NHTSA did trial two implementations of the technology, Intersection Movement Assist (IMA) and Left Turn Assist (LTA), both of which use V2V messages to detect possible safety risks and then warn drivers of them.
LTA warns drivers not to turn left in front of another vehicle moving in the opposite direction, while IMA warns drivers if it is not safe to enter an intersection due to a high probability of collision. The NHTSA found both had proven effective in mitigating or preventing potential crashes.
What about security? Obviously any V2V system will require very robust security to ensure that communications are neither spoofed nor tampered with, since the consequences of any interference could be fatal. The NHTSA has already sketched out a security framework that will allow for messages to be exchanged and authenticated in real time. However, the challenges in developing such a system are considerable. Vehicles must be able to communicate with one another without any prior interaction in a system that ultimately may need to scale to accommodate over 350 million users.
After examining several alternatives, the NHTSA has settled on an asymmetric Public Key Infrastructure (PKI) encryption system. PKI is designed to allow secure communications over public networks and relies on verifying identities through the use of digital signatures. The PKI system creates and manages digital certificates for each device and can revoke them if need be.
PKI systems are widely used today, but what the NHTSA is proposing is vastly more complex than a standard implementation. By its own acknowledgement, “no other PKI system exists today that is broad enough to serve as a key safety-critical model.” Why is this? Other public systems, such as military communications or air traffic control, involve parties that are already known to each other as trusted sources or can be identified as such. Furthermore, they run over secure or private data networks rather than the Internet or telecoms networks.
Private, commercial implementations do rely on the Internet and wireless telecoms networks. They can secure online financial transactions because user identities are verified through pre-existing agreements with certificate authorities (CAs), which allows those identities to reside in databases.
Why is the proposed V2V security framework far more complex than any other model? Privacy is one of the key reasons. A secure authentication framework is required that, at the same time, guarantees anonymity.
Specifically, a system is needed that separates some of the functionality to ensure that no one entity has the ability to match records that would lead to identification of an individual driver or vehicle. Privacy has also driven the need for far greater use of digital certificates. In this system, digital certificates use random identifiers that change frequently in order to lower the risk of associating a driver or a vehicle with any one certificate.
Figure 1. V2V security design in comparison to a basic PKI
Privacy considerations also have resulted in the addition of an element to obscure location coordinates when a vehicle or device communicates with the system (for example, to request more digital certificates or to report “misbehavior” in the form of suspicious activity).
When suspicious activity does occur in PKI systems, CAs typically act as misbehavior authorities, mitigating and removing suspicious activity. The misbehavior authority (MA) in the proposed V2V system will be a separate and more complex entity. As the NHTSA acknowledged, “not all of the described functionality of the V2V MA has been demonstrated (for example, the use of local detection and reporting) in industry.” It has, however, planned for demonstration and testing of an operational prototype.
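As an added illustration of how the pieces described above fit together (this is example code written for this article, not code from the ANPRM or from any SCMS implementation), the toy Go program below has a Pseudonym CA issue certificates with random, unlinkable identifiers, lets a vehicle sign a basic safety message under one of them, and has a receiving vehicle check that message against nothing more than the PCA's public key and the misbehavior authority's revocation list. The certificate layout, the 8-byte identifier, the use of P-256/ECDSA and all function names are assumptions made for this example; the real SCMS, with its separate registration and linkage authorities, is far more involved.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

// PseudonymCert is a toy pseudonym certificate: a random ID (no VIN or owner data) and
// a fresh per-certificate key, signed by the Pseudonym CA (PCA). Assumed layout, not SCMS.
type PseudonymCert struct {
	ID  [8]byte          // random, different for every certificate
	Pub *ecdsa.PublicKey // per-certificate key, never reused
	Sig []byte           // PCA signature over tbsHash()
}

// tbsHash binds the random ID to the certificate's public key.
func (c *PseudonymCert) tbsHash() []byte {
	d := sha256.Sum256(append(c.ID[:], elliptic.Marshal(elliptic.P256(), c.Pub.X, c.Pub.Y)...))
	return d[:]
}

// NewKey makes a P-256 key pair; used for the PCA and for every pseudonym certificate.
func NewKey() *ecdsa.PrivateKey {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return k
}

// IssuePseudonymCert plays the PCA: each certificate gets an unlinkable random ID and its
// own key pair, so a vehicle rotating through a batch leaves no common identifier behind.
func IssuePseudonymCert(pca *ecdsa.PrivateKey) (PseudonymCert, *ecdsa.PrivateKey) {
	k := NewKey()
	c := PseudonymCert{Pub: &k.PublicKey}
	rand.Read(c.ID[:])
	c.Sig, _ = ecdsa.SignASN1(rand.Reader, pca, c.tbsHash())
	return c, k
}

// SignBSM signs a basic safety message under one pseudonym certificate.
func SignBSM(c PseudonymCert, k *ecdsa.PrivateKey, payload []byte) []byte {
	d := sha256.Sum256(append(c.tbsHash(), payload...))
	sig, _ := ecdsa.SignASN1(rand.Reader, k, d[:])
	return sig
}

// VerifyBSM is the receiving vehicle: it trusts only the PCA public key and the MA's
// revocation list, so no prior contact with the sender is needed.
func VerifyBSM(pcaPub *ecdsa.PublicKey, revoked map[[8]byte]bool, c PseudonymCert, payload, sig []byte) bool {
	d := sha256.Sum256(append(c.tbsHash(), payload...))
	return !revoked[c.ID] && // not revoked by the misbehavior authority
		ecdsa.VerifyASN1(pcaPub, c.tbsHash(), c.Sig) && // issued by our PCA, not forged
		ecdsa.VerifyASN1(c.Pub, d[:], sig) // signed by the key named in the certificate
}
```

Two certificates issued to the same vehicle share neither identifier nor key, which is the property the "random identifiers that change frequently" design relies on; a tampered message, a certificate from an unknown CA, or an ID on the MA's revocation list is rejected without the receiver knowing anything about the sender.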
Who will manage this complex security system? NHTSA is hoping that it can be contracted out to a private company. It said that it will also issue a Request for Information (RFI) in the near future to seek comments on whether any companies may have an interest in exploring the possibility of building and operating a V2V Security Credential Management System (SCMS) in addition to getting feedback on the proposed structure of the SCMS.
Given the unprecedented complexity of the SCMS, it remains to be seen whether such a system is feasible and if anyone is willing to accept the challenge of managing it.