Securing Intelligent Transportation Systems (ITS) and vehicle-to-infrastructure (V2I) remain a key challenge for governments and private infrastructure providers alike. V2I and ITS reduce road congestion. They unleash the potential of existing infrastructure. The data collected and generated by intelligent infrastructure can create the possibility of actively forecasting and shaping the traffic volume – in real time and in view of long term needs. At some point in time, vehicles themselves will be both contributing and receiving information on which route, speed and time slot to take. On top of this, this information provides a broad basis for new commercial services, e.g. parking space apps or pay-per-use traffic priority. So V2I & ITS developments can not only help reduce traffic issues, but also create new revenue-generating opportunities for local and state governments and private enterprises alike.
Utimaco and HSMs provide a secure solution: the Utimaco standard SecurityServer and the SDK version as well as the Utimaco Payment HSM can be used as a Root of Trust in security solutions relevant to ITS and V2I.
Many challenges car makers encounter while preparing for the deployment of V2I can be resolved by using customizable solutions like Utimaco’s HSMs as the Root of Trust for key generation, storage and decommissioning.
Both governments and private enterprises face one big challenge: data protection and data abuse prevention. Consumers want their personal information to stay private and secure. The data generated includes
The highly sensitive data can be captured by the infrastructure – not just the vehicle. Securing the latter is already a major theme for car makers. Also, infrastructure providers, both in government and from the ITS industry, are working together to develop an approach that secures privacy and prevents abuse.
In many cases around the world (for example in Shanghai, on German Motorways as welll as Austrian secondary roads) encryption is recognized as one main technology to be used for preventing abuse and protecting consumer private data. It goes without saying that – even without General Data Protection Regulation (GDPR) – if data is collected on such a scale and is of such value, encryption keys need to be stored in HSMs.
Digital certificates and encryption have already been labeled one of the most important components of V2I security and that is why Utimaco’s Hardware Security Modules (HSMs) are used as the Root of Trust in some of the biggest toll collection projects in the ITS industry.
Encrypted Communications ensure any exchange of vehicle usage data, as well as storage of the data, takes place in an encrypted database. This ensures that data at rest is not accessed without permission or tampered with, and remains inaccessible if stolen.
As automatic toll collection, intelligent parking and intelligent traffic services are an interesting new source of revenue, the intelligent traffic system and services industry is looking at how to make payment as convenient as possible.
To keep traffic rolling and consumers interested in using additional traffic services such as intelligent parking, payment has to be convenient. This is especially true for the charging process for electric vehicles, where the duration of the charging process needs to be kept to a minimum.
Payment systems need to be secure. Fraud with regard to personal payment accounts must be prevented. The move towards mobile payment for faster services is desirable. The good news: solutions that meet the Payment Card Industry Data Security Standard (PCI DSS) with payment HSMs like the Utimaco PaymentServer are already in place. The main challenge remains the integration of the 2 worlds of payment and the intelligent traffic systems.
What do a toll bridge and an oil rig have in common? They are costly installations, they are difficult to access and any unplanned maintenance or downtime is an immediate loss giver. Their systems should only be accessed by the appropriate personnel. The data that is transmitted to and from the bridge or the oil rig should only be accessed by the right applications and people and be protected from abuse. Strong authentication mechanisms are a pre-requisite for this, and so are code signing and over the air updating (OTA).
Utimaco has strong partners, experienced in implementing both authentication and remote maintenance mechanisms specifically for ITS. If you would like to learn more, contact us directly.
Here you will find brochures and data sheets, as well as our well-known “HSM for Dummies” e-book for download. We also provide you with a comprehensive set of case studies, white papers and past webinars. In the Utimaco Portal you can access integration guides and register for the Utimaco HSM simulator or to access our broad knowledge base.All downloads
We will keep you posted with news from Utimaco and the industries we protect, as well as information on upcoming events and webinars.