1
Security and Privacy
Understanding the Prototype
V2V Safety Security Design

Public Workshop: Enabling a Secure Environment for Vehicle-to-Vehicle and Vehicle-to-Infrastructure Transactions

April 19 – 20, 2012


Tom Schaffnit
2
VII Consortium (VIIC) – Who we are
  • Industry consortium (Michigan 501(c)(6) non-profit) consisting of nine light-duty vehicle manufacturers.


3
VIIC focus within the Connected Vehicle Initiative
  • The Connected Vehicle initiative encompasses a wide range of evolving technologies developed by many government, industry, and academic partners. The VIIC is primarily focused on deployment of cooperative safety and mobility applications based on 5.9 GHz DSRC
4
Vehicle Connectivity
5
Key Enabler – Security
  • Autonomous vehicle safety applications depend upon sensor data from within the same vehicle
  • Cooperative safety and mobility applications depend upon data from other vehicles, other off-board devices and from the infrastructure
  • This data must be trustworthy in order for a cooperative system to work
6
Why We Need Security
7
VIIC Policy Goals for V2V Security
    • Anonymity for mandatory services
    • Non-Trackability for mandatory services
    • Protection from Attacks on System Integrity
    • Prevention of Unauthorized Access to Personally Identifiable Information (PII)
    • No User Fees for mandatory services
    • Stable, Long-term Policy and Technology with backward compatibility (decades rather than years)

8
Security System Scope & Limitations
  • The following slides describe a prototype security system designed by the Crash Avoidance Metrics Partnership (CAMP) Vehicle Safety Communications 3 Consortium as part of cooperative projects with the USDOT for V2V safety applications.
  • It has not been designed for, nor has it been analyzed for applicability to, V2I safety applications or non-safety applications that are part of the wider connected vehicle and infrastructure deployment scenario.
  • Additional security requirements for full deployment need to be analyzed and developed.


9
What is a PKI?
10
Analysis of PKI
11
Security Design Balance
12
Split SCMS Overview
13
Issuing Certificates: RA & CA
  • RA is the point of contact for an OBE
  • RA shuffles OBE’s requests (over all OBEs and all requests)
  • CA issues certificates


14
Efficient Revocation: LAs
15
Split Certificate Management Authority

  • RA(s) knows who requested certificates, but does not know what is in the certificates
  • CA knows certificate content, but does not know who requested certificates
  • LA(s) knows the linkage IDs, but does not know who requested the certificates
16
Communication Mechanisms for the Connected Vehicle System
17
Key Questions for Further Study
  • Can a V2V security solution for a mandated system with no reliance on public funding be identified that:
    • Meets the technical requirements,
    • Meets the policy goals to an acceptable degree, and
    • Has a viable business case?


    • For communication networks, further study will consider:
        • Cellular
        • DSRC
        • Other potential networks that are identified
        • Potential combinations of two or more networks
  • And other policy issues, such as governance, privacy, liability, etc.
18
"Thank You"