Car-Security

Yesterday I visited the CAST-Workshop on mobile security for intelligent cars, which ended with a very interesting discussion that illustrated the complexity of the problem and raised many interesting questions. First the speakers gave a good overview of the main research areas and important projects like Evita or SIM-TD, which is said to be the biggest field test worldwide that focuses on car-2-x communication. Everybody agreed on the main distinctions (safety vs. security; in-car communication, car2car communication, etc.), and privacy issues were the main topic. As Frank Kargl from the University of Ulm pointed out, the car has a strong connection to its owner, and its movements might tell a lot about the individual. Privacy concerns have already entered the car world, because navigation tools send home GPS information and companies like TomTom generate a large data collection.

Everybody agreed that privacy may be paramount for user acceptance, at least in Europe, and that safety is an important topic. Marc Menzel from Continental pointed out that car2car communication will only be effective if the majority of cars is equipped with on-board units. This, however, may take ten years or more. Therefore mobility functions and car2infrastructure communication will probably be the first signs of future eSafety. As an example, Menzel named basic services such as the identification of road and traffic conditions, in order to tackle route congestion and event-related road dangers. Economic factors will also be of importance. Of course there are ideas of identifying the cars with the help of PKI, but any certification will cost money, and how much will a car owner be willing to pay?

This question triggered a lively discussion about what degree of security is needed, and it became apparent that there is no consensus regarding key applications and their main use cases, and therefore no least common denominator. Menzel pointed out that IT security has to consider the complete car system, i.e. include other technologies and procedures in its scenarios. If, for example, a hacker impersonated an ambulance, one would not have to use IT means to identify the driver – the license plate filmed by a video camera would do. On the other hand, Marko Wolf from Escrypt made clear that the possibilities of a car attacker go beyond those of a normal IT hacker, because the former can launch an attack from the inside, offline, and even has physical possession of the target. In contrast, an attacker who tries to take over a server does not have these opportunities.

During a coffee break a colleague pointed out that the car industry should learn from the internet and just establish basic means for communication (protocols & on-board units) and leave the rest to developers. I don’t agree, because using a car is much more dangerous than using your PC. I might trust my browser blocking some new window but not my car deciding which way to go – at least not yet. Still, it is an interesting thought, like the use of open-source code for in-vehicle communication, because this might change the value chain of the car world, not to mention the life cycle. Can you imagine a Patch Tuesday for your car? What went absolutely unnoticed was the psychology of the driver: I just can’t imagine how my father will respond to an intelligent car. To condition the user might take some years. But even if the system is accepted easily, there may be a false alarm, and what if somebody dies because the driver followed the system’s instruction? A lot of security questions, but the reality does not need to answer them all at once. The combustion engine was invented in the 19th century, the safety belt followed 100 years later.

Links

http://www.car-2-car.org

http://www.comesafety.org

http://www.evita-project.org

http://www.preciosa-project.org

http://www.sevecom.org

http://www.simtd.de