Current law student. Privacy professor needed help
should not matter But I’m working on that whole “lawyer” thing.
little information to complete the audit. can talk about most published standards
DSRC is a series of protocols. Has changed over the years of development. Black Hat talk: protocols are no longer relevant
collision early warning system. - prevent accidents. - Save lives NHTSA “ distracted ” 2009 (US) stats: Almost 5,000 deaths, est 448,000 injuries Not including other inattention involving physical/emotional state of driver
Good Work - want it to happen . Anecdote: driving in pouring rain too afraid to slow down, too afraid not to.
Large scale testing in Ann Arbor Michigan started last August. Auto makers have already invested heavily in this technology. A few startups here in Silicon Valley to implement this.
American government won’t spend money on infrastructure May be related to “black box” recent US mandate. Trucks have no privacy concerns as they are commercial vehicles.
A system of protocols Not like asn.1 - not data pairs - Map of data
Designed claimed as a “sealed” system, with sensor integrity and accuracy checks.
Automakers lesson from CANbus: insecurity caused no real problems No new tech to mech tech - needs human intervention. “ sealed” sensor system with integrity checks.
HOW it works
Japan doesn’t have the same spectrum available ETSI and FCC approved operating parameters (Biggest difference: US allows more power.) 33 vs 44.7 dBm
Minimum requirement for system. Additional protocols considered in Europe. illustrates general and some specific fields data = whatever’s useful in avoiding collisions
More use = more effective People must trust the system Not just received, but what is sent about them Privacy is important or people will disable it Technological trust is better than laws
Signature and certificate management - on radio Sensor validation (beyond scope here)
Still not nailed down Ann Arbor test: came pre-loaded
This is where we start talking about the FUD
Already pressure for other apps - that need routing. Tension between routing and identifiability
F/OSS Apps kind of neat. Closer to autonomy... Fun: someone in blind spot: “I wouldn’t do that, Dave” - give your vehicle too much power? This is too neat a toy to not use for other things.
Permanent Blacklist? - may not be problem as internet - must replace entire blacklisted unit.
Another problem for anonymity Many schemes to deal with this. Current solution is “no paper trail” We already have certain mistrust of CAs
IEEE 1609 family beyond scope, won’t work - raises many more privacy concerns By the way 9 data brokers took the 5th before Congress in 2006 when asked to reveal the sources of their data.
Tracking, ticketing, whatever else they may want to do.
Fund certificate authority - funding has power.
Privacy and the Car of the FutureConsideration for the coming connected vehicle
whoami• BSEE, digital communications• Many years as a network engineer• Santa Clara University Law student• Research assistant providing technical expertise on privacy audits and reviews• Contracted by auto consortium to review privacy of proposed vehicle to vehicle safety network
Standard Disclaimer IANAL (Yet)But if you know anyone looking for summer interns....
Non-Standard DisclaimerA current NDA covers some of my work here (but not very much) The focus will be on published information and standards.
What is This Project?• DSRC: Dedicated Short Range Communications • (Where “short” == 380m)• Vehicle to Vehicle• Vehicle to infrastructure in Europe - Not having to wait for a light on an empty street again. - Better traffic planning for better cities and roadways.
Why is It being Developed? SafetyPhoto Credit: Jason Edward Scott Bain
Non-trivial Impact on Auto Deaths• World Health Organization estimates 25% of vehicle deaths each year can be prevented.• Fatigue and distracted driving accidents reduced.• Blind Corners, fog and limited visibility accidents reduced. Photo: Public Domain
How Soon?• Hardware is already being shipped.• Software issues still entirely in the air • More is being done in software these days.• The US Dept. of Transportation is considering mandating this for all new cars. (Decision to come later this year.)• Has already deployed in trucks in Europe
What is DSRC• Basic safety messages sent out every 1/10 seconds.• All message carry a standard glob: values for pre-defined vehicle trajectory and operational data.• Cars process data and warn driver.• Equipment integrated into vehicle Photo Credit: US Dept. of Transportation
Photo Credit: NISTAfterMarket Installation A little cumbersome
What DSRC is not • CANbus • OnStar (or any other remote service) • (Direct) support for autonomous driving mechanisms.Photo Credit: US Dept. of Transportation
Radio protocol• 5.9GHz reserved in US and Europe• Signaling standard: IEEE 802.11p / 1609.4 / 1609.3• Channels reserved for specific functions• No source address for vehicles defined by protocol • Recommendations include using certificates • Privacy challenges at each layer Photo Credit: NASA
Basic Safety Message• Standard: SAE J2735• ~50 fixed data elements• “only” interface to radio (on this band)
Parameters for effectiveness• Density • Benefit derived from other vehicles’ use • Greater usage means greater effectiveness• Confidence • Most messages must be trustworthy • People must trust information broadcast
Validity?• All messages are cryptographically signed• Signing certificates issued by central authority• Issued based on system fingerprint• Revocation for “malfunctioning” Image source: US Dept. of Transportation equipment• System should invalidate itself if internal checks fail
Certificates• Limited time use to prevent tracking • Reused?• Periodically refreshed (and malefactors reported) • How often?• Permanent blacklist
Fingerprints• “No” correspondence between fingerprint and car• “hard coded” into device• If revoked, entire unit must be replaced to function Photo Credit: NIST
Certificate Delivery • Haven’t figured out how certificates are delivered to vehicle • Proposals include cellular, wifi, infrastructure links • So many opportunities for failure
Worrisome Noise• Manufacturers want to use this system for commercial apps• Advertising and other “funding” schemes to pay for CA• Fixed infrastructure potentially operated by data brokers
Problem: Law Enforcement• What can they do with this?• Correlate location, speed to independent identification? (cameras?) Photo Credit: Alex E. Proimos
What you Can Do• Hack the radios • Commercially available now• Hack the protocols• Become politically engaged • Most decisions are not being made by elected officials • Help find a way to fund the infrastructure without selling out!