The cybersecurity of connected and autonomous vehicles (CAVs) has been improved due to the WMG (Warwick Manufacturing Group) department of the University of Warwick which has tested four innovations that were results of the UK’s PETRAS Project.
In the near future CAVs are expected to become widely used across the UK and to ensure a smooth deployment, researchers from WMG undertook real-world testing of four academic innovations in the IoT-enabled Transport and Mobility Demonstrator project funded by Lloyd’s Register Foundation. Developed by the consortium of 12 UK universities that form the PETRAS (Privacy, Ethics, Trust, Reliability, Accessibility and Security) IoT Research Hub, the four systems are intended improve the security, privacy and safety of vehicle-to-vehicle/infrastructure (V2X) communications.
The four new innovations tested in the real world on the campuses of the Universities of Warwick and Surrey, as well as Millbrook Proving Ground, were:
- Group Signatures – For a vehicle to communicate it is important that the messages it sends contain a proof that the vehicle is who they claim to be (via a digital signature), but this identity can be tracked. In order to provide privacy a group signature can be used, which only indicates that the vehicle is a member of a group, and the scheme can be extended to use a timestamp that updates every 10 minutes as a component of the signature. This method would be useful in vehicle platooning where vehicles want to demonstrate they are part of the group.
- Authentication Prioritization – Vehicles will have limited computing resources and so will only be able to verify a specific number of identities included in messages per second. Therefore, the order in which the identity of messages are verified is decided based on assigning a priority to the messages, with higher priority messages verified first.
- Decentralised PKI – In order to check the identity of multiple vehicles in a short space of time, the public key of the other vehicle needs to be downloaded from a keyserver. However, hosting this keyserver in the cloud has limitations due to additional communication hops increasing the time before the vehicle receives the necessary keys. Instead, vehicles can receive these keys faster if the keysever is distributed over Edge infrastructure that sits next to the road.
- Decentralised PKI with Pseudonyms – This innovation extended the previous innovation to support periodically issuing new identities to vehicles on the road to provide privacy. Both this innovation and group signatures may be required, as they are useful in different scenarios.
“The cybersecurity of CAVs is key to make sure that when the vehicles are on the roads, the data is trustworthy and that vehicle communications do not compromise privacy. We tested four innovations developed in the PETRAS Project, and being able to apply them to the real world is the first major step in testing security of CAV systems,” explained project lead, Professor Carsten Maple of WMG. “Now we can focus on further testing in the real world, with future work to include testing on 5G systems, and with different types of attacks.”