Researchers from the University of Warwick’s Manufacturing Group (WMG) have undertaken real-world testing of four academic innovations in a bid to improve the privacy and security of data in CAVs.
The testing was completed at the universities of Warwick and Surrey in the UK, as well as at Millbrook Proving Ground. It was part of the IoT-enabled Transport and Mobility Demonstrator project funded by Lloyd’s Register Foundation.
The testing looked at how the vehicles could connect to each other and to roadside infrastructure. It also looked at how roadside infrastructures could connect to each other. The four innovations tested were developed within the PETRAS Internet of Things Research Hub and aimed to improve the security, privacy and safety of future connected vehicles.
Project lead, Prof. Carsten Maple, WMG, University of Warwick, said, “The units being investigated to be used in cars and on the roadside were taken to Parliament in February to demonstrate how they work; now we can focus on further testing in the real world. Future work include will include testing on 5G systems, and with different types of attacks.”
The four innovations tested were:
Group signatures
For a vehicle to communicate, it is important that the messages it sends contain proof that the vehicle is who it claims to be (via a digital signature). However, by revealing the vehicle’s identity, it allows that vehicle to be tracked over a long time. In order to provide privacy a group signature can be used, which only indicates that the vehicle is a member of a group.
The group signature scheme can be extended to use a time-stamp that updates every 10 minutes as a component of the signature. Therefore, if the vehicle was to send the exact same message at 10:00am and 10:10am, the group signature would differ and an eavesdropper would not be able to link that the vehicle sent both messages.
Authentication prioritization
It is an expensive task for a vehicle to verify another’s identity. Vehicles will have limited computing resources and so will only be able to verify a specific number of identities included in messages per second. For example, if a vehicle is on a busy motorway in traffic, there may already be more vehicles sending messages that can be verified in a timely manner. An adversary may also try to send many messages with incorrect signatures in order to prevent vehicles from verifying the identity of actual vehicles. Therefore, the order in which the identity of messages are verified is decided based on assigning a priority to the messages. A higher priority means that those messages have the identity of the sender verified first.
Decentralized PKI
When a vehicle is traveling down a road, it may meet multiple vehicles in a short space of time. In order to check the identity of these vehicles, the public key of the other vehicle needs to be downloaded from a keyserver. However, hosting this keyserver in the cloud has limitations due to additional communication hops increasing the time before the vehicle receives the necessary keys. Instead, vehicles can receive these keys faster if the keysever is distributed over Edge infrastructure that sits next to the road.
Decentralized PKI with pseudonyms
This innovation extended the previous innovation to support periodically issuing new identities to vehicles on the road to provide privacy. Both this innovation and group signatures may be required, as they are useful in different scenarios.