Advertisement

Security, Privacy, Identifications

  • William Whyte
Reference work entry

Abstract

An ITS system will feature many different types of application. These applications all have their own security and performance needs, which may differ from each other. Additionally, the fact that different applications may coexist on the same device introduces additional security considerations. This chapter reviews the security mechanisms that may be used for different classes of application, and for the device as a whole, and surveys their deployment history and their support in standards. The aim is to provide an implementer of any ITS application with a usable starting point to help them determine which security services to use in their application and how those services should be implemented. Particular attention is paid to issues of privacy: ITS applications have an inherent risk of revealing personal data, such as current location, to parties who have no right to that data, and as such an implementer must take care to ensure that privacy is preserved to at least the level required by local regulations. The chapter also reviews security management operations such as issuing and revoking digital certificates.

Keywords

Security Service Certificate Authority Intelligent Transportation System Digital Certificate Privilege Class 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 18 U.S.C. § 2721 et. seq. (1997) Drivers privacy protection act. Available at http://uscode.house.gov/download/pls/18C123.txt. Accessed 30 July 2011
  2. Adams JGU (1982) The efficacy of seat belt legislation? Transactions of the Society for Automotive Engineers, pp 2824–2838. Available at http://john-adams.co.uk/wp-content/uploads/2006/SAEseatbelts.pdf. Accessed 27 May 2011
  3. Architecture Development Team (2007) National ITS Architecture Security, U.S. Department of Transportation, Washington, DCGoogle Scholar
  4. Barker E, Barker W, Burr W (2007) NIST special publication SP 800-57, recommendation for key management – part 1: general. National Institute of Standards and Technology, pp 1–142. Available at http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf. Accessed 30 July 2011
  5. Booz Allen Hamilton (2008) Vehicle Infrastructure Integration (VII) proof of concept (POC) test final report (Executive summary)Google Scholar
  6. Buttyán L et al (2009) SLOW: a practical pseudonym changing scheme for location privacy in VANETs. In: IEEE VNC. TokyoGoogle Scholar
  7. Car 2 Car Communications Consortium (n.d.), C2C security working group CAM/DENM security summaryGoogle Scholar
  8. Cohen A, Einav L (2003) The effects of mandatory seat belt laws on driving behavior and traffic fatalities. Rev Econ Stat 85(4):828–843, http://www.mitpressjournals.org/doi/abs/10.1162/003465303772815754
  9. Deutschland T (2009) Sichere Intelligente Mobilität Testfeld Deutschland KommunikationsprotokolleGoogle Scholar
  10. ETSI (2010) ETSI TS 102 731: Intelligent Transport Systems (ITS); Security; Security services and architectureGoogle Scholar
  11. ETSI (2011) ETSI TS 102 867: Intelligent Transport Systems (ITS); Security; Stage 3 mapping for IEEE 1609.2; IEEE 1609.2 profileGoogle Scholar
  12. European Data Protection Supervisor (2010) Opinion of the European data protection supervisor on the communication from the commission on an action plan for the deployment of intelligent transport systems in Europe and the accompanying proposal for a Directive of the European Parliament and of the Official Journal of the European Union, pp 47/6–47/15. Available at http://dialnet.unirioja.es/servlet/articulo?codigo=2156793. Accessed 24 May 2011
  13. Evita Project (n.d.) EVITA. Available at http://evita-project.org/. Accessed 9 July 2011
  14. Gerlach M, Guttler F (2007) Privacy in VANETs using changing pseudonyms-ideal and real. In: Vehicular technology conference 2007 VTC2007Spring IEEE 65th. pp 2521–2525. Available at http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4212947
  15. IEEE Vehicular Technology Society (2006) IEEE 1609.2-2006, Trial-use standard for wireless access in vehicular environments— security services for applications and management messages. IEEE Intelligent Transportation Standards Committee, PiscatawayGoogle Scholar
  16. IEEE Vehicular Technology Society (2010a) IEEE Std 1609.3-2010, Standard for wireless access in vehicular environments (WAVE) – networking servicesGoogle Scholar
  17. IEEE Vehicular Technology Society (2010b) IEEE Std 1609.4-2010, IEEE Standard for wireless access in vehicular environments (WAVE) – multi-channel operationGoogle Scholar
  18. IEEE Vehicular Technology Society (2011a) IEEE 1609.2-2011, Standard for wireless access in vehicular environments – security services for applications and management messages, IEEE, Piscataway, NJGoogle Scholar
  19. IEEE Vehicular Technology Society (2011b) IEEE td 1609.11-2010: IEEE standard for wireless access in vehicular environments (WAVE) – over-the-air electronic payment data exchange protocol for intelligent transportation systems (ITS), IEEEGoogle Scholar
  20. International Standards Organization (2003) ISO 15628 Road transport and traffic telematics – dedicated short range communication (DSRC)—DSRC application layerGoogle Scholar
  21. International Standards Organization (2004) ISO 14906 Road transport and traffic telematics – electronic fee collection – application interface definition for dedicated short-range communicationGoogle Scholar
  22. Jentzsch A, Hackstein B, Goß S (2010) Security under automotive conditions and its influence on the product development process. In: Embedded world conference class 1.5, cryptography and embedded security. Available at http://www.embedded-world.eu/program/day-1.html?program_id=2310
  23. Johnson D, Menezes A (n.d.) The elliptic curve digital signature algorithm (ECDSA), WaterlooGoogle Scholar
  24. Koodli R (2007) RFC 4882: IP address location privacy and mobile IPV6: problem statement. Available at http://www.ietf.org/rfc/rfc4882.txt. Accessed 3 June 2011
  25. Koscher K et al (2010) Experimental security analysis of a modern automobile. In: 2010 IEEE symposium on security and privacy. IEEE, pp 447–462. Available at http://www.computer.org/portal/web/csdl/doi/10.1109/SP.2010.34. Accessed 9 July 2011
  26. Kung A et al., with SeVeCom (2007) SeVeCom deliverable 2.1 – security architecture and mechanisms for V2V/V2I. Available at http://www.sevecom.org/Deliverables/Sevecom_Deliverable_D2.1_v3.0.pdf. Accessed 30 July 2011
  27. Laberteaux KP, Haas JJ, Hu Y-C (2008) Security certificate revocation list distribution for vanet. In: Proceedings of the fifth ACM international workshop on VehiculAr Inter-NETworking – VANET’08, 88 p. Available at http://portal.acm.org/citation.cfm?doid=1410043.1410063
  28. National VII Coalition (2007) Vehicle infrastructure integration privacy policies framework, version 1.0.2Google Scholar
  29. Oversee Project (n.d.) OVERSEE. Available at https://www.oversee-project.com/. Accessed 9 July 2011
  30. Perlner RA, Cooper DA (n.d.) Quantum resistant public key cryptography: a survey. Quantum. National Institute for Standards and TechnologyGoogle Scholar
  31. Preciosa Project (n.d.) PRECIOSA – privacy enabled capability in co-operative systems and safety applications. Available at http://www.preciosa-project.org/. Accessed 11 July 2011
  32. Preserve Project (n.d.) www.preserve-project.eu, Preparing secure V2X communication systems. Available at http://www.preserve-project.eu/. Accessed 11 July 2011
  33. RITA Joint Programs Office (2011) Intelligent Transportation Systems (ITS) standards program strategic plan for 2011–2014, Available at http://www.its.dot.gov/standards_strategic_plan/stds_strat_plan.pdf. Accessed 30 July 2011
  34. Schneier B (1996) Applied cryptography, Wiley. Available at http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.99.2838&rep=rep1&type=pdf. Accessed 30 July 2011
  35. SeVeCom (2006) SeVeCom deliverable 1.1 – VANETS security requirements final version, Available at http://www.sevecom.org/Deliverables/Sevecom_Deliverable_D2.1_v3.0.pdf. Accessed 30 July 2011
  36. Society for Automotive Engineers (2009) SAE J2735, Dedicated short range communications (DSRC) message set dictionary, Available at http://standards.sae.org/j2735_200911. Accessed 30 July 2011
  37. Society for Automotive Engineers (n.d.) SAE J2945, Dedicated short range communication (DSRC) minimum performance requirements. Available at http://standards.sae.org/wip/j2945
  38. US Department of Transportation (2011) Core system concept of operations (ConOps), Revision CGoogle Scholar
  39. Vehicle Safety Communications Consortium (2005) VSCC final report appendix H : WAVE/DSRC securityGoogle Scholar
  40. Vehicle Safety Communications Applications (n.d.) Vehicle safety communications applications (VSC-A) task 5 interim report II vol IV: vehicle security for communication-based safety applicationsGoogle Scholar
  41. VII Consortium (2009) Final report : vehicle infrastructure integration proof of concept executive summary – vehicle. Security. Available at http://ntl.bts.gov/lib/31000/31000/31079/14443_files/14443.pdf
  42. VIIC (2008) Vehicle infrastructure integration (VII) final report. VII Consortium, Novi, MIGoogle Scholar
  43. Wikipedia a. Wikipedia: IPSec. Available at http://en.wikipedia.org/wiki/IPsec. Accessed 3 June 2011
  44. Wikipedia b. Wikipedia: transport layer security. Available at http://en.wikipedia.org/wiki/Transport_Layer_Security. Accessed 3 June 2011
  45. Wolf M, Weimerskirch A, Paar C (2004) Security in automotive bus systems. In: Workshop on embedded IT-security in cars. Citeseer, pp 1–13. Available at http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.92.728&rep=rep1&type=pdf. Accessed 14 Nov 2010

Copyright information

© Springer-Verlag London Ltd. 2012

Authors and Affiliations

  1. 1.Security InnovationWilmingtonUSA

Personalised recommendations