Tackling the security challenge of the ‘internet of cars’

A new report (PDF) released by Transport Certification Australia (TCA) scrutinises the challenges of building a secure national ecosystem for the rollout of the so-called ‘internet of cars’: Cooperative intelligent transport systems (C-ITS), which can include vehicle-to-vehicle, vehicle-to-infrastructure and vehicle-to-person communications.

Although C-ITS presents opportunities to increase road safety, better manage traffic congestion, and reduce the environmental impact of the transport network, they also require new security infrastructure.

A key part of this is the development of a Security Credential Management System (SCMS) for Australia, which encompasses the “people, policies and processes and technologies”, including a Root Certificate Authority, necessary to ensure the security of messages exchanged between connected vehicles and infrastructure, the TCA report states.

The TCA describes an SCMS, which is an internationally developed approach to securing C-ITS, as both “an institutional framework and a piece of infrastructure”.

“Like any piece of infrastructure, its development needs to be approached as a long-term investment: the product of careful policy, planning and consideration as to its capability and longevity, and the organisational elements necessary to operate and maintain it,” the report states.

Vehicles and other connected devices are able to join an SCMS by sending a request to authorised entities called Enrolment Certificate Authorities. Enrolled vehicles can then be issued permits that contain no personal information by Pseudonym Certificate Authorities in order to participate in C-ITS applications, the report states. The Root CA acts as the ultimate authority for the system.

The TCA has been tasked with working with US and European regulators on international C-ITS harmonisation, including SCMS development. 

Connected and automated vehicles — CAVs — “depend on vehicles, road-side infrastructure and other road users communicating with each other in real-time,” said TCA CEO Chris Koniditsiotis.

“This means what we see as possible blurring between the transport and communication spheres, is in reality, its necessary and inevitable integration. Our aim is to ensure that this is seamless and secure.”

An SCMS needs to be treated as a “long-term national investment” for Australia, the TCA chief executive said.

There are a number of pressing decisions to be made about the design of an Australian SCMS, including whether there is a single system (the US approach) or multiple SCMS (the European approach), which entity would manage the SCMS, and the business model.

In December the Australian Communications and Media Authority released a class licence to facilitate the rollout of C-ITS, which rely on ‘Dedicated Short Range Communications’ (DSRC).