This document discusses the privacy implications of proposed connected vehicle technology. It summarizes the Dedicated Short Range Communications (DSRC) technology, which would allow vehicles to transmit location and trajectory data to nearby vehicles via radio signals. However, it notes that aspects like addressing, certificate management, and the backend interface have not been fully defined, raising privacy concerns about how device and vehicle identities could be correlated. It also expresses worry about potential commercial and infrastructure integration on top of the DSRC network.
1. Will Your Car Betray You?
Implications of proposed connected vehicle technology on
privacy
2. whoami
• BSEE, digital communications
• Too many years as a network engineer
• Santa Clara University Law student
• Research assistant providing technical expertise on privacy
audits and reviews
• Contracted by auto consortium to review privacy of
proposed vehicle to vehicle safety network
5. Dedicated Short Range Communications
a safety network transmitting vehicle trajectory and function
Alerting inattentive drivers will save lives!
6. Challenges of DSRC
The National Highway
Transportation Safety Board is
• Density considering a mandate to achieve
these.
• Integrity
Auto manufacturers are on board
with this
7. What DSRC Is
• IEEE 802.11p radio communications
• IEEE 1609
• Basic Safety Message API-like interface
• Data glob is a series of values for defined fields
• Only BSM interface to be presented to vehicle
8. What DSRC Is Not
• Connected to CAN bus OnStar or any other existing
network
• Routed* (a “proper” network)
• Commercial
9. Basic Safety Message Fields
• Position and positional accuracy
• Transmission, speed, detailed acceleration data
• Braking status, including stability control
• Path history and prediction
• Event flags
10. BSM Format
What’s missing?
Addressing.
Open sourcing apps that access this interface does not
matter.
12. about these certificates...
• Still haven’t nailed this down.
• Vehicle maintains a store of certificates
• Periodically changed
• Proposals for update period/method still being debated
• This includes updates for revoked
13. Where do Certificates come
from?
• Double-key system to isolate device ID from request
location.
• Can device IDs be correlated to people?
• Who issues these certificates?
• How does DSRC device request/receive certificates.
14. “Back-end interface”
• This also has not been decided
• Without infrastructure, models such as cellular, wifi how do
you connect?
15. Worrisome Development
efforts
• Commercial apps that ride on top of DSRC network
• Integration with public transit systems
• Fixed infrastructure
16. contact info
• Christie Dudley
• cdudley@scu.edu
• @longobord