privacy intelligent transport systems road pricing

Upload: jeremie

Post on 30-May-2018

  • 8/9/2019 Privacy Intelligent Transport Systems Road Pricing

    eSecurity WG Slide 1

    [ Telematics Road Pricing: Security & Privacy Solutions

    Stefaan Motte

    Manager NXP Competence Center Crypto & System Security

    eSecurity WG Slide 2

    [ Outline

    Introduction: the telematics road pricing use case

    Road pricing in practice

    Road pricing end-to-end system

    Data flow, storage policies and controllers depending on chosen solution

    Enforcement

    Conclusions

    eSecurity WG Slide 4

    [ Main requirement for end-user: Privacy

    My latest skiing trip, according to my GPS-enabled cellphone, and Google

    eSecurity WG Slide 5

    [ Telematics road pricing: science fiction?

    eSecurity WG Slide 7

    [ Road pricing End-to-End System

    [Diagram labels: Travel Path; Transport & payment card; Services Server(s); Vignette; OBU; GPS Satellite; Secure Positioning; Secure Payment; Secure ID; Secure Services; Secure Physical Link]

    eSecurity WG Slide 9

    [ So how to implement this, and what are the information flows?

    Three use cases:

    Thin client: store and forward

    Fat client: do everything internally

    Smart client: best of both worlds?

    Why three use cases?

    The choice has not been made yet; countries and regions are still investigating their options.

    Data flow and privacy impact vary between the cases, as do cost and ease of maintenance.

    eSecurity WG Slide 10

    [ A very simple/naive solution

    Diagram: Thin OBU, Toll Service Provider, Payment Scheme Provider

    1. Collect waypoints

    2. Waypoints/time + car ID

    3. Map matching

    4a. Tariff Look-up

    4b. Fee Calculation

    5. Payment request

    7. Payment Proof

    Pro:

    Super light (i.e. cheap) OBU

    All logic in controlled back-end environment

    Secure

    On-the-fly dynamic updates possible

    Statistics and value-add services possible

    Good solution? Clearly a privacy nightmare!

    Service provider gets all location & speed information

    Service provider knows personal details

    (cf. SMS parking in e.g. Leuven, and many major cities)

    eSecurity WG Slide 12

    [ The other extreme: Fat OBU

    Privacy: No private information leaves the OBU

    But at a cost:

    Heavy processing/memory requirements (increasing HW and license cost)

    Map and price updates!! Feasible?

    No anonymous statistics possible

    Need for high OBU security (trust)

    Diagram: Fat OBU, Toll Service Provider, Payment Scheme Provider

    1. Collect waypoints

    2. Map matching

    3a. Tariff Look-up

    3b. Fee Calculation

    4. Car Identity + Fee

    7. Payment Proof

    + OBU maintenance (Fare & maps update)

    eSecurity WG Slide 13

    [ The other extreme: Fat OBU

    So no private information needs to leave the OBU

    but:

    8. Invoicing of individual EETS Users by EETS Providers shall clearly separate the service charges of the EETS Provider and tolls incurred, and shall specify, unless the user decides otherwise, at least, the time at which and the location where the tolls were incurred and the user-relevant composition of specific tolls.

    (Commission decision on the definition of the European Electronic Toll Service and its technical elements)

    Sounds like an opt-out approach? Privacy benefit compared to thin client is gone.

    eSecurity WG Slide 15

    [ Third option: Meet in the middle: Smart OBU?

    Diagram: Smart OBU, Toll Service Proxy, Toll Service Provider, Payment Scheme Provider

    1. Anonymized Waypoints

    2. Map matching

    3a. Tariff Lookup

    3b. Tariffs

    3c. Fee Calculation

    5. Car Identity + Fee

    6. Fee + Account Number

    7. Payment Transaction

    8. Payment Proof

    Pro:

    Dynamic fee & map updates are managed @server

    Fee calculation (based on personal details) done inside OBU

    Low processing requirements for OBU (cost-optimized)

    Anonymous back-end info: value-add services possible

    Privacy:

    Need to properly anonymize the waypoints

    Need to properly anonymize the network traffic

    If so: no private information leaves the OBU
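
The smart-OBU message flow above, as an added sketch that is not part of the original slides: it records what each back-end party observes so the data separation can be checked. The segment table, tariffs, car ID, account number, class factor and per-batch session token are constructed assumptions; "anonymization" here only strips identity and timestamps, and network-level anonymity is not modelled.

```python
import math
import secrets

# Constructed data: road segments as latitude bands with a per-km tariff (EUR).
SEGMENTS = [("A1", 50.00, 50.10, 0.10), ("N2", 50.10, 50.20, 0.04)]

class TollServiceProxy:
    """Steps 1-3b: sees waypoints only, never a car identity."""
    def __init__(self):
        self.seen = []  # everything this party learns
    def tariffs_for(self, session, waypoints):
        self.seen.append({"session": session, "waypoints": waypoints})
        legs = []
        for lat, _lon in waypoints[:-1]:  # one tariff per leg, matched on leg start
            legs.append(next(((n, r) for n, lo, hi, r in SEGMENTS if lo <= lat < hi),
                             ("unmatched", 0.0)))
        return legs

class TollServiceProvider:
    """Step 5: sees car identity + fee only; step 6: forwards fee + account."""
    def __init__(self, accounts):
        self.accounts, self.seen = accounts, []
    def charge(self, car_id, fee):
        self.seen.append({"car_id": car_id, "fee": fee})
        return {"fee": fee, "account": self.accounts[car_id]}

class SmartOBU:
    def __init__(self, car_id, class_factor):
        # Personal details (identity, vehicle class) stay inside the OBU.
        self.car_id, self.class_factor = car_id, class_factor
    def drive(self, waypoints, proxy, provider):
        session = secrets.token_hex(8)  # fresh per batch, not derived from car_id
        # Only explicit identifiers are removed; the trajectory itself can still
        # be identifying, which is why the slide asks for proper anonymization.
        anon = [(lat, lon) for lat, lon, _t in waypoints]
        tariffs = proxy.tariffs_for(session, anon)
        fee = 0.0
        for (a, b), (_seg, rate) in zip(zip(anon, anon[1:]), tariffs):
            km = math.hypot(b[0] - a[0], b[1] - a[1]) * 111.0  # flat approximation
            fee += km * rate * self.class_factor  # step 3c, inside the OBU
        return provider.charge(self.car_id, round(fee, 2))

if __name__ == "__main__":
    proxy, tsp = TollServiceProxy(), TollServiceProvider({"1-ABC-123": "ACCT-0001"})
    trip = [(50.00, 4.0, 1000), (50.05, 4.0, 1300), (50.10, 4.0, 1600), (50.15, 4.0, 1900)]
    print(SmartOBU("1-ABC-123", 1.5).drive(trip, proxy, tsp))
    print(proxy.seen, tsp.seen)
```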

    eSecurity WG Slide 19

    [ Camera-based Enforcement

    [Diagram labels: Toll Charger; Enforcement; Toll Service Provider; links: IP, DSRC; messages: Get OBU ID; Enforcement request + Time + auth; + Time; + Time + auth; {Waypoints, fees}; Proof; Confirmation + payment proof]

    eSecurity WG Slide 20

    [ Online versus offline system

    Typically, data of non-offenders is not stored (e.g. speed control in tunnels based on trajectory measurements).

    Using DSRC, real-time check whether OBU is functioning.

    However, instant verification of whether the correct fee is being paid is only possible in an on-line system, i.e. in the thin client model.

    How to handle off-line systems, where fee aggregation and payment are deferred to a later time? Data needs to be stored!

    OBU can store location/fee/invoice data as proof

    Does the Data Retention Directive apply to Road Tolling in general, only to a specific section, or not at all?

    What is an acceptable/appropriate retention time, both on the OBU and in the enforcement system?

    Can enforcement access OBU data directly, or is there need to go via Toll Service Provider?

    eSecurity WG Slide 22

    [ Conclusions

    Many systems/solutions are possible, and the law does not bring clarity which system shall be adopted

    Level of privacy varies widely, depending on the type of system that is chosen

    Industry needs to be agnostic to the system that is chosen

    Agnostic ≠ ignorant!!

    Be aware of all possible scenarios, and be able to secure them all.

    Privacy respecting solutions seem available for both smart and fat clients

    [ Thanks