‹#›
September 25, 2012
Summary of Highest Risk Levels for Privacy and Tracking Attacks
Type of Attack
Initial
Full
Mitigation
After Mitigation
Tracking
* - US DOT technical team rankings are lower
Tracking Vehicles using 1-Day Certificates  by Funded Private Organizations
Use shorter duration for certificates, to make this attack more difficult, such as 5-minute certificates which are now assumed for initial and full CAMP models
Medium
Find and Track Vehicles by Government  Organizations
Assumptions: certificates are linked to VIN, a subpoena/warrant is not required & full RSE network deployed
Low
High*
Public SCMS: Do not link certificates to VIN and/or require legal process
Private SCMS:  Require legal process
Medium
Law Enforcement
Traffic Law Enforcement. Assumptions: using BSM information is advantageous as compared to current automated traffic enforcement systems and data would hold up in a court of law*
High*
High*
Under these assumptions, a  technical mitigation for this risk has not yet been identified.  Further technical and policy study is required.
TBD
Medium to   High
Medium to   High