‹#›
September
25, 2012
Summary of
Highest Risk Levels for Privacy and Tracking Attacks
Type of Attack
Initial
Full
Mitigation
After Mitigation
Tracking
* - US DOT technical team rankings are
lower
Tracking Vehicles using 1-Day Certificates by Funded Private Organizations
Use shorter duration for certificates, to make this attack more difficult, such as 5-minute certificates which are now assumed for initial and full CAMP models
Medium
Find and Track Vehicles by Government Organizations
Assumptions: certificates are
linked to VIN,
a subpoena/warrant is not required & full RSE network deployed
Low
High*
Public SCMS: Do not link certificates to VIN and/or require legal process
Private SCMS: Require legal process
Medium
Law Enforcement
Traffic Law Enforcement.
Assumptions: using BSM information is advantageous as compared to current automated
traffic
enforcement systems and data would hold up in a court of law*
High*
High*
Under these assumptions, a technical mitigation for this risk has not yet been identified. Further technical and policy study is required.
TBD
Medium to High
Medium to
High