|
1
|
- Safety Pilot Security System
|
|
2
|
- Safety Pilot/Model Deployment is a U.S. DOT research program conducted
by the RITA and NHTSA with CAMP to develop technology that will help
cars, trucks, buses, and other vehicles avoid crashes.
- The Program has two parts:
- Six Safety Pilot Driver Acceptance Clinics to help the Department learn
more about how drivers respond to crash-avoidance applications that use
connected vehicle communication.
The clinics have been held in locations around the country.
- The Safety Pilot Model Deployment that includes the installation of
wireless devices in up to 3,000 vehicles in one location to evaluate
the effectiveness of connected vehicle technology to prevent crashes.
The deployment will take place of Ann Arbor, MI from August, 2012 to
August, 2013 and will operate in an everyday environment.
- Both the Driver Acceptance Clinics and the Model Deployment results will
contribute to the NHTSA 2013 Agency Decision.
|
|
3
|
- To be complete, the Safety Pilot/Model Deployment security plan must
include all devices, communications, and policies determined by all of
the organizations that make up the installation.
- Devices: in-vehicle equipment,
roadside equipment, Internet-based equipment, support equipment.
- Communications: 5.9GHz DSRC
communication among vehicles, between vehicles and roadside, IP
communication between vehicles, roadside, and the Internet.
- Policies: USDOT, CAMP.
- The plan will be embodied in device requirement specifications,
experiment operational specifications.
|
|
4
|
- The parts of the system are controlled by a federation of equals
- Private industry; government at all levels.
- An appropriate level of trust is essential: All communications will be
signed using a common cryptographic process.
- Rights of ownership (privacy) are protected.
- The receiving party of a communication will be responsible for
determining the authenticity of any message.
- An entity trusted by all will establish the root secret that all
cryptographic security credentials will be based on.
- Security solution fits the communication needs
- Small data exchanges; rapid exchanges; short, intermittent connections.
- Devices share situation information (BSM’s, SPaT, etc.) in broadcasts
with no expectation of a response.
- Any response to broadcast information, or point-to-point interactions
that cause a result to occur in a device (such as a driver alert or
file update) will be initiated by the most vulnerable party to the
interaction: Onboard equipment
will initiate interactions with roadside equipment. Roadside equipment will initiate
interactions with Internet-based equipment. (NO push from the Internet)
|
|
5
|
|
|
6
|
- Security processes – either cryptographic or physical – will be applied
to all device interfaces used for operational and maintenance purposes.
- Mobile (Onboard)
- Integrated Vehicle Devices
- Aftermarket Safety Devices
- Vehicle Awareness Devices
- Heavy (Truck, Transit) Devices
- Field (Roadside)
- Center (Internet)
- Security Credential Management System
- Log File Management System
|
|
7
|
|
|
8
|
- Operational Communication
- WSMP over 5.9GHz DSRC for V-V between mobile devices.
- WSMP over 5.9GHz DSRC for V-I between mobile devices and roadside
devices.
- IP over 5.9GHz DSRC for point-to-point between mobile devices and
roadside devices.
- IP over Internet for point-to-point between roadside devices and
Internet-based devices.
- Provisioning and Maintenance Communication
- IP over Serial medium (Ethernet, USB) between all devices and
temporarily-attached tools.
- File content in removable medium (SD, USB) in certain mobile devices.
- NO mobile device or field device provisioning from Internet-based
devices
|
|
9
|
|
|
10
|
|
Notes
