Connected Vehicle Pilots Spur Development of Security Credential Management System (SCMS)

The Connected Vehicle (CV) Pilot program is sponsored by the USDOT Joint Program Office for Intelligent Transportation Systems (ITS) to pioneer the deployment of connected vehicle technologies in three U.S. locations. The three locations (New York City, NY, Tampa FL, and the state of Wyoming) and their contractors are currently designing and building hardware and software to implement ultra-fast vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I) and vehicle-to-pedestrian (V2P) communication. Trucks, buses, private automobiles, and pedestrians with smart phones will all be equipped with devices to communicate with each other to provide safety-related warnings and to run applications that reduce congestion, travel times, fuel usage, and emissions.

A key component of CV applications is the assurance that messages received from other devices are valid, i.e. that a received message has not been sent by a hacker or simply a malfunctioning device.  Traffic management functions, and even more crucially, split-second collision avoidance, depend on establishing that received messages can be trusted as accurate.  The mechanism that will ensure that CV messages can be trusted is the Security Certificate Management System (SCMS).  The SCMS system provides digital “certificates” to devices that have passed strict certification tests, and that have not subsequently been placed on a “certificate revocation list” because of inaccurate message content.  The digital certificates are valid for one week, so vehicles must obtain new certificates on a weekly basis, or else carry a large quantity of them.  All CV message content, including SCMS certificates, is encrypted and decrypted using well-established Public Key Infrastructure (PKI) processes, similar to the encryption used for online credit transactions.

The USDOT’s SCMS Proof-of-Concept (POC) was developed by the Collision Avoidance Metrics Partnership (CAMP), a consortium of automobile manufacturers, to answer unknown operational questions, develop policies/procedures, and to seek entities who are interested in deploying a national SCMS. An early version of the SCMS was used for the Safety Pilot Model Deployment in Ann Arbor, MI (2012-2013), but the CV Pilot program is the first large-scale CV deployment to use the SCMS to issue and update security certificates over the air as well as to assure anonymity and accuracy for all CV communications.  The use of the SCMS POC was a requirement by the USDOT’s CV Pilot Basic Agreement for at least one CV application, and as such it provides a basis for interoperability among the three CV deployment sites.  Vehicles from any of the three sites will be able to operate in the SCMS environment of the other two sites, an essential feature for a national deployment of CV-based applications. 

The three CV Pilot sites are following a well-planned and coordinated schedule to plan, design, and deploy their systems.  This schedule in turn has spurred the development and availability of the testing and production versions of the SCMS POC from CAMP. The sites will use the test version of SCMS POC for their initial system testing, and then will use the production version over the eighteen-month operational period to test how well the SCMS POC system works on a large scale.

The largest-scale deployment will be in New York City, where over 8,000 taxis, delivery trucks, and city maintenance vehicles will be using the SCMS POC simultaneously in downtown Manhattan and around the airports. These fleets, which for the most part remain within the city, will be required to download new SCMS POC certificates from the certificate authority every week.  In contrast, the fleet of long-haul commercial trucks participating in the Wyoming pilot may go months or longer outside the range of a certificate authority as they travel around the country.  For that reason, participants in the Wyoming pilot will download three years’ worth of certificates at the project start.  In Tampa, a special consideration is the integration of the SCMS POC security system with the security system already provided by the city’s commercial traffic management system, which handles communications between the “back office” system at the Traffic Management Center and the roadside units.  These differences in approach will help test how well the SCMS POC works with different implementations.

The three CV Pilot sites are currently coordinating the different levels of SCMS POC security that are appropriate for vehicles’ onboard units, for roadside infrastructure devices, for hand-held mobile devices, and for back office processing.  Collision warnings at all three sites, speed compliance and pedestrian warnings in New York City and Tampa, and other site-specific applications will all depend on secure, trusted messages to prevent hacking, device malfunction, and other types of system abuse.

A demonstration of the ability of the SCMS POC to deliver new sets of certificates to equipped vehicles and to support encrypted trusted communications among thousands of vehicles simultaneously will help validate the national SCMS concept.  Ultimately, the results and lessons learned from the Proof-of-Concept SCMS will feed the development and deployment of a national SCMS to support the nationwide deployment of connected vehicles within the next few years.  Thus, the CV Pilot program is providing a significant incentive and venue for development and testing of this key piece of technology.