Download as PDF - Secunet
National
Challenges for PKI Systems in Vehicles
Conventional solutions are not enough
The clients (vehicles, charging infrastructure, traffic signals etc.) differ from the computers in a company network: they are not constantly reachable and to some extent have much longer life cycles. As a result, they place specific requirements on their PKI systems that do not apply to most company PKIs. Similarly, specifications for Car2Car communication or Plug&Charge in the case of e-mobility define precisely what a PKI is expected to do.
PKI systems have long been an established feature of in-house networks and the internet. Based on asymmetric cryptography, they provide authentication mechanisms that more people work with than you might imagine. Whether for online banking, remote login to the corporate network from a home office or even the new German national identity card, a PKI working away in the background is generally responsible for secure communication.
More recently, various applications requiring a PKI have been introduced in vehicles:
- digital tachographs
- securing diagnostic access and information consistent with Euro 5 and Euro 6
- securing onboard flashware for vehicle programming
- securing TeleX services such as remote diagnostics and programming
- internet in the vehicle
- Car2Car communication
- Plug&Charge for e-mobility
For example, procedures and processes must be introduced to take into account the fact that parts of the PKI system may be available for online communication only on an intermittent basis. The distribution of revocation information is just one example of this problem. In a PKI for Car2Car or Car2X communication, the number of subscribers can rise exponentially. There will be hundreds of CA systems and millions of vehicles all around the world that have to be supplied with key material and certificates, and at the same time, data privacy protection legislation will require that each vehicle is equipped with several hundred or even thousands of certificates.
Car manufacturers may already be aware of some of these problems as a result of similar issues with their own company PKIs for employee badges or SSL certificates for web services. Nevertheless, these new special cases present them with unprecedented challenges in the management of cryptographic keys and certificates. These challenges cannot be resolved with the established processes of the PKI systems already in place and therefore require new approaches to the issue of PKI.
More information:
Andreas Ziska
andreas.ziska@secunet.com
10 » 1 | 2013