A Pathway to Secure Connections
USDOT is leading the way for research, design, and implementation of a security system for connected and automated vehicle networks.
|Trust and protection of individual privacy, facilitated by an SCMS, are critical to ensuring successful exchange of information among vehicles and other devices.|
Today's average smartphone wirelessly exchanges various kinds of data such as contacts, photos, videos, and location information between multiple parties using Bluetooth®, Wi-Fi, and cellular technology. For example, the Apple® iPhone® features an app called AirDrop® that enables the exchange of photo albums, events, journals, and slideshows directly to another Apple device using Bluetooth or Wi-Fi technology.
In a similar manner, vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications, which are part of connected vehicle communications, enable the wireless exchange of information among vehicles, roadway infrastructure, traffic management centers, and wireless mobile devices. But, how secure is this exchange of information? A security system is critical to ensure that users of connected vehicle technology can trust in the validity of information received from other system users—even indistinct users who they do not know personally.
|The fundamental framework of a system using digital certificates requires four key components (confidentiality, authentication, integrity, and nonrepudiation) and four structured segments (technology, implementation, policy, and standards).|
The U.S. Department of Transportation (USDOT) is committed to ensuring that connected and automated vehicle (CAV) technologies operate in a safe and secure manner that protects user privacy. Since 2013, USDOT has led the way in research and implementation of a state-of-the-art security system for CAVs that use connected vehicle communications.
Systems for connected vehicle communications use digital certificates to exchange information that all elements, including vehicles, roadway infrastructure, and traffic management centers, can validate. In cryptography, a digital certificate or public key certificate is an electronic document that proves the ownership of a digital public key—a key that the owner can share with everyone.
Each digital public key has a matching digital private key, which is known only by the owner of the digital certificate. The digital certificate in turn contains information about the identity of the owner, a unique digital signature, and the means to verify the authenticity of the digital signature using the digital public key.
Digital certificates are the basis of a fundamental framework for a system that ensures users can trust the validity of information received through connected vehicle communications. This framework requires four key components and four structured segments.
The four key components of a trusted digital certificate system are confidentiality, authentication, integrity, and nonrepudiation, or CAIN. Confidentiality means the information exchanged within the system can be kept secret. Authentication is the process of confirming the information is valid. Integrity ensures the system has not been corrupted, and nonrepudiation provides proof of data and system integrity so that an information transmitter cannot deny having sent the information.
|Communication between vehicles requires both security and privacy of the data exchanged.|
The four structured segments are technology, implementation, policy, and standards, or TIPS. Technology is the use of mathematics and algorithms to encrypt data, and implementation is the execution of the algorithms using software applications. Policy is a system of principles, procedures, or protocols that govern the outcome. Standards are widely accepted, adopted, and implemented rules and guidelines that are normally compliance processes but are not mandatory.
These four key components and four structured components are starting points for a structured framework using digital certificates that researchers and designers can build on for more complex systems.
USDOT's Proof of Concept
To test a digital certificate system in a connected vehicle environment, USDOT created the Crash Avoidance Metrics Partnership in 2014 with automotive industry and security experts to design and develop a state-of-the-art security system that enables V2V and V2I users to have confidence in one another. The partnership developed the Security Credential Management System (SCMS) proof of concept, a message security solution for connected vehicle communications that provides extensive knowledge, insight, and policies for a security system.
The SCMS proof of concept employs innovative methods of encryption and digital certificate management to facilitate trusted communication. It generates and distributes digital certificates to authenticate and validate the safety and mobility messages that form the foundation for connected vehicle technologies. The SCMS proof of concept also plays a critical function in protecting the integrity of the system by identifying and removing misbehaving devices while still maintaining privacy.
|The USDOT Connected Vehicle Pilot Interoperability Test successfully demonstrated interactions among different sites' onboard units and among selected onboard and roadside units.|
"Unlike other systems using digital certificates, the certificates from the SCMS proof of concept system contain no personal or equipment-identifying information," says Justin Anderson, a senior ITS systems engineer at Noblis. "This protects the privacy of vehicle owners while serving as system credentials so that other users in the system can trust each message."
USDOT concluded its research in December 2018 on the SCMS proof of concept and will publish several documents later in 2019, including the concept of operations, policies, and procedures.
|Pilot Program Websites||
|Security Management Operating Concept (SMOC) Plans|
In addition to its proof-of-concept research, USDOT has successfully executed a real-world test of a digital certificate system as part of the Connected Vehicle Pilot Deployment Program. The program involves three locations in the United States: New York City; Tampa, FL; and Wyoming.
In September 2015 (phase 1) and September 2016 (phase 2), USDOT awarded contract agreements totaling more than $45 million to Florida's Tampa Hillsborough Expressway Authority, the New York City Department of Transportation, and the Wyoming Department of Transportation to implement a collection of connected vehicle applications using V2V and V2I communications. During phase 1, USDOT provided requirements documentation, slide presentations, and a webinar for interfacing with an SCMS. Each of the pilot sites was required to document and present a security management operating concept plan outlining the security mechanisms to protect data information flows, privacy, and security within a connected environment.
In June 2018, USDOT and the three pilot sites successfully demonstrated the exchange and validation of digital certificates using common standards during an interoperability test held at the Federal Highway Administration's Turner-Fairbank Highway Research Center in McLean, VA. USDOT and the pilot sites conducted the test to demonstrate and validate that a vehicle with an onboard device from one of the sites was able to securely receive messages from onboard units and roadside units from another pilot site, in accordance with the key connected vehicle interfaces and standards. (For more information, see "Setting a Course to Interoperability" in the Spring 2019 issue of PUBLIC ROADS.)
|A vehicle from Tampa (white car) waits as it receives an intersection movement assist warning from a New York City vehicle (black car) during the interoperability test.|
"A test of this nature, involving three deployment sites and five device vendors, had never been done before," says Deborah Curtis, a highway research engineer at FHWA's Office of Operations Research and Development. The demonstration showed that digital certificates from an SCMS would enable vehicles and the roadside infrastructure to exchange information and use the information in a consistent manner, regardless of the manufacturer of the vehicle, device, or roadside equipment.
The successful implementation of digital certificates from an SCMS required extensive documentation and collaboration over a 4-year period. USDOT has assembled a collection of documents, presentations, and webinars that are available online for free. In addition, there are several webinars, slide presentations, and SCMS requirements documents for achieving a security system using connected vehicle communications in a CAV environment. These resources are available from USDOT's SCMS website at www.its.dot.gov/resources/scms.htm.
Next Steps Toward a Full-Scale SCMS
After 4 years of researching, designing, building, and implementing the SCMS proof of concept, USDOT is leading the facilitation of a full-scale SCMS as the next step to a digital certificate system in a connected vehicle communications environment. The SCMS Deployment Support Project aims to help identify and explore potential strategies for the establishment and governance of an SCMS ecosystem through engagement with stakeholders. The stakeholders range from automakers, cybersecurity organizations, digital certificate subject matter experts, roadside and onboard unit manufacturers, State governments, and telecom providers.
In fall 2018, USDOT conducted two workshops with stakeholders in McLean and San Francisco, CA, to explore potential strategies for a full-scale SCMS ecosystem. The goals were to: (1) identify one or more potential SCMS ownership and governance models, along with the next steps needed for deployment, and (2) develop a foundation for a working group/consortium to lead or assist in planning for the full-scale deployment and certificate policy development, as well as determine the role of USDOT in supporting the working group.
Workshop attendees addressed four main objectives: First, to refine understanding of stakeholder motivations, interests, concerns, and willingness to dedicate resources to deploy SCMS nationally; second, to develop ownership and governance models and the qualifying information about these models, such as steps that are needed for successful deployment to determine feasibility of the models; third, to define SCMS manager roles and responsibilities based on models favored by stakeholders; and finally, to identify and describe additional challenges, risks, and opportunities to deploying and operating a functional and sustainable full-scale SCMS.
USDOT is compiling and analyzing the results of the workshops and anticipates publishing the findings in late 2019.
"This is important work," says Ed Fok, a transportation technology specialist in FHWA's Resource Center. "An interoperable and open SCMS is essential to meet safety and mobility goals in our cooperative, automated transportation future."
Jonathan Walker, Ph.D., P.E., is the chief of policy, architecture, and knowledge transfer in USDOT's Intelligent Transportation Systems Joint Program Office, where he manages the SCMS proof of concept project. He holds a Ph.D. from Virginia Tech, an M.S. from Johns Hopkins University, and a B.S. from Howard University, all in engineering, and is a licensed professional engineer in Maryland, Virginia, and Washington, DC.