Overview:
IEEE 1609.2 and Connected Vehicle Security: http://csrc.nist.gov/groups/ST/ssr2016/documents/presentation-tue-whyte-invited.pdf
- The Connected Vehicle system is going to result in more than 300 million devices with needs for secure communication.
- In 2003, the decision was taken to create a standard for security for this communication that was distinct from existing standards
- X.509, S/MIME-CMS, etc
- The standard, IEEE 1609.2, contains a number of crypto and protocol design decisions that are different from protocols attempting to do similar things
- Although it was developed in public, and although it will go into cars, it has not received the level of scrutiny that higher profile standards have
- In 2012, the US and European versions of this standard diverged and are now incompatible
- Creates a dilemma for, e.g., Australia
Packet Format:
ToBeSignedData ::= SEQUENCE {
payload SignedDataPayload,
headerInfo HeaderInfo
}
HeaderInfo ::= SEQUENCE {
psid Psid,
generationTime Time64 OPTIONAL,
expiryTime Time64 OPTIONAL,
generationLocation ThreeDLocation OPTIONAL,
p2pcdLearningRequest HashedId3 OPTIONAL,
missingCrlIdentifier MissingCrlIdentifier OPTIONAL,
encryptionKey EncryptionKey OPTIONAL,
...,
inlineP2pcdRequest SequenceOfHashedId3 OPTIONAL,
requestedCertificate Certificate OPTIONAL
}
