will your car betray you

Will Your Car Betray You?Implications of proposed connected vehicle

technology on privacy

whoami

• BSEE, digital communications

• Too many years as a network engineer

• Santa Clara University Law student

• Research assistant providing technical expertise on privacy audits and reviews

• Contracted by auto consortium to review privacy of proposed vehicle to vehicle safety network

Standard Disclaimer

IANAL (Yet!)

Not that it matters anyway.

Non-Standard Disclaimer

A current NDA covers some of my work here.

Focus on published information and standards.

Dedicated Short Range Communicationsa safety network transmitting vehicle trajectory and function

Alerting inattentive drivers will save lives!

Challenges of DSRC

• Density

• Integrity

The National Highway Transportation Safety Board is considering a mandate to achieve these.

Auto manufacturers are on board with this

What DSRC Is

• IEEE 802.11p radio communications

• IEEE 1609

• Basic Safety Message API-like interface

• Data glob is a series of values for defined fields

• Only BSM interface to be presented to vehicle

What DSRC Is Not

• Connected to CAN bus OnStar or any other existing network

• Routed* (a “proper” network)

• Commercial

Basic Safety Message Fields

• Position and positional accuracy

• Transmission, speed, detailed acceleration data

• Braking status, including stability control

• Path history and prediction

• Event flags

BSM Format

What’s missing?

Addressing.

Open sourcing apps that access this interface does not matter.

Trust the radio?

• “Why shouldn’t you?”

about these certificates...

• Still haven’t nailed this down.

• Vehicle maintains a store of certificates

• Periodically changed

• Proposals for update period/method still being debated

• This includes updates for revoked

Where do Certificates come from?

• Double-key system to isolate device ID from request location.

• Can device IDs be correlated to people?

• Who issues these certificates?

• How does DSRC device request/receive certificates.

“Back-end interface”

• This also has not been decided

• Without infrastructure, models such as cellular, wifi how do you connect?

Worrisome Development efforts

• Commercial apps that ride on top of DSRC network

• Integration with public transit systems

• Fixed infrastructure

contact info

• Christie Dudley

• cdudley@scu.edu

• @longobord