By Detlef Houdeau, Infineon Technologies
Automotive security applications have been around for over 25 years. Parallel to the growth of electronic control systems, electronic security applications have been developed to protect vehicle and driver from misuse, theft as well as cyber attacks. Anti-theft electronics were included in the BMW 7 series in 1982 and a smart card-enabled engine control system was patented in Japan as early as 1983. This article highlights the topic of IT security, based on smart card cryptography. It aims to give an overview of applications, motivations, legal restrictions, technology, potential abuse, the market, as well as security levels.
The requirements and challenges for automotive IT security systems are physically and technically different depending on the application:
a) For the motor vehicle
- (Anti-)theft protection: Immobilizer system;
- Legal restrictions: Electronic tachograph, electronic road toll, electronic vehicle registration;
- Confidentiality and reliability: Safety from interception and reliable communication of the motor vehicle with the outside world
b) For the driver
- Access control for external communication (e.g. UMTS; W-LAN);
- Anonymity: Cross linking of the motor vehicles versus invasion of privacy
- Legal restrictions: electronic driver card for the tachograph, electronic driving license and electronic road charge
This technical article covers applications using smart card cryptography, such as an electronic tachograph with driver card, electronic vehicle registration, electronic driving license and electronic road toll. It shows the development from a paper document to an ID1-card with new optical security elements and how, with this approach, document fraud can be reduced. The article aims to draw attention to the fact that, in combination with an integrated microcontroller, additional electronic security features could be realized in an ID1-smart card, such as archival and new application standards, i.e. EC2135/1998 for the EU tachograph driver card or ISO 18013 for the electronic driving license.
Application Status & Prospects
European tachograph & driver’s card
In 1998 the European Commission mandated the change for heavy vehicle tachographs from paper recordings to an electronic tachograph with a driver card in the ID1 size (1). The European directive EC2135/1998 was obligatory for the registration of new medium and heavy vehicles, such as trucks from 3.5t and buses with at least 9 seats, from 1 May 2006 in all 27 EU member states. With the electronic tachograph, an On-Board-Unit (OBU), mounted in the motor vehicle in combination with a valid driver card, records the driving time, the rest period and the driving speed, with data derived from an engine-mounted sensor that sends cryptographically encoded signals to the OBU. The information can even be used for a crash analysis (as with an aircraft black box).
After four years of implementation in all EU member states the rate of abuse was less than 2%, relating to the total issued card population and to the whole timetable. This rate of abuse is based only on driver cards that were reported as stolen or lost. However, there is no record of any manipulated driver cards in the member states. By reporting a card as lost and then obtaining a new driver card, driving times can be abusively stretched. To avoid this abuse across companies and across states, the European central registration office MEBA (Member States Back Cards Analysis Working Group) was founded by the Joint Research Centre (JRC) in Ispra, Italy on 30 May 2008, reporting directly to DG TREN (2).
In Germany, home of some of the biggest logistics companies worldwide, the annual demand is about 400,000 tachograph driver cards.
Besides the driver card there is a defined and specified vehicle owner card, a garage card and a police card. For the electronic readout of the personal information, for example at a police control, a 3-factor authentication is used: The Card-to-Card system combined with a PIN for the authorized person.
It is interesting to note that there is a consistent EU specification for the tachograph, but no mirrored international standard, e.g. in the ISO, CEN or ETSI range. The different smart cards and OBUs need security certifications based on the CC scheme (ISO 15408).
Because of the experience of over ten years with the electronic tachograph, the EU Commission announced a public consultation between 23 Dec. 2009 and 1 March 2010. The aim of this review was to discuss the second generation of the tachograph. The published output of this consultation includes improvement proposals such as increased security and optimized control processes (3).
European electronic vehicle registration card
To avoid abuse of the motor vehicle lifetime records, the EU Commission published the directive EU-2003/127/EC for electronic motor vehicle registration (4). The focus of the directive was the member states' government offices for motor traffic as well as vehicle manufacturers. Besides a printed document it is now possible to have a smart card as a vehicle registration card with specified optical and electronic security features.
The validity, though state-dependent, is typically 10 years. The interface standard is ISO/IEC 7816, the communications protocol follows ISO/IEC 7816-3 and the smart card is to support various certificates in accordance with X.509v3 as per ISO 9594-8. The required security level corresponds to Common Criteria (ISO 15408) level EAL 4+.
Slovakia issues 900,000 smart cards per year for new motor vehicle registrations and for transfer registrations. Austria, Hungary, Turkey and Egypt are now also considering the introduction of such registration cards.
This development is another step towards the harmonisation of documents and IT security within the EU. As with the tachograph and its driver card, there is no international standard at ISO, CEN or ETSI for the electronic motor vehicle registration.
Electronic driving license
Unlike the other applications we cover in this article, the electronic driving license has been introduced for mass issuance. El Salvador moved from a paper document to an electronic driving license in 1998, to increase traffic safety. Before the introduction, forged driving licenses, unlicensed driving and unauthorised school buses contributed to many road traffic accidents with accordingly high casualties.
The ISO standard allows for biometric data, e.g. photographs, fingerprints and iris, to be included on top of the common mandatory data element set. The smart card can be contact based as well as contactless.
Today, about ten states worldwide have implemented electronic driving licenses: El Salvador, Hong Kong, Japan, India, Mexico, Morocco, the US state of Washington, Canada, Malaysia and Sri Lanka. Currently the biggest issuer of electronic driving licenses is Japan, with about 15 million cards issued each year. In Japan there are about 80 million driver licenses issued, with validities between three and five years.
In Europe, with its 27 member states, about 300 million people hold a driving license and about 110 different documents are permitted. In Germany, for example, there are six licence variations (grey document, pink document, past DDR driving license, Saarland driving license, Federal Armed Forces driving license and the new EU standard licence card). In 2006 the EU Commission proposed a consistent EU driving license to avoid abuse, to improve the security of drivers in terms of traffic and to allow better control of validity. The EU driving license has to be issued in all 27 member states by 2013 at the latest (see EU Directive 2006/126/EC (5)). The target is a driving license in ID1 format, made of polycarbonate, valid for ten years. There is an agreed card layout, and five optical security features were defined as a minimum set of security requirements. The vehicle classes have also been harmonized.
In the last 24 months the three EU states Great Britain, Netherlands and France have started to develop and test the electronic driving license according to ISO 18013. In the Netherlands there were also field tests in 2009.
More states are considering combining the driving license layout requirements of EU ordinance 2006/126/EC with ISO 18013 and electronic security. These include Spain, Poland and Sweden. In each case the appropriate ministries are waiting for further recommendations for the electronic driving license, which are expected from the EU Commission's DG TREN in autumn 2010.
Electronic Toll Collection (ETC)
The aim of Electronic Toll Collection is to impose automatic road tolls for long distance routes, usually on motorways, as a way of justifying building costs and later as a means of traffic flow management. The first of what were known as “Touch&Go” solutions, based on contactless chip cards, were implemented in Asia between 1995 and 1998. These contactless memory cards, used for all vehicle categories, were generally used at tollgates. The reading range of the memory card was typically a few centimetres. The disadvantage of this solution is that the vehicle has to come to a complete halt. Alternative solutions are being developed for moving traffic, for example with semi-active transponders operating in the VHF or ISM bands, which are located on the inside of the vehicle’s windscreen. The contactless communication can operate at an average vehicle speed of 60 km/h with the tollgate reader located above the road. Such solutions, known as “Fast-Lanes”, can be found on Austrian and Spanish motorways.
ETC for special areas and for heavy goods vehicles also works with satellite-based tracking systems. Solutions such as DSRC (Dedicated Short Range Communication, frequency of 5.8 GHz, CEN TC278) and GPS (Global Positioning System) have been available in Switzerland and Liechtenstein since 2005. The ETC in Germany is an expansion of this solution. A total of over 12,000 km of motorways are covered by this toll collection system, with about 2,500 interchanges, 251 motorway junctions and 300 control bridges combined with 3,688 toll terminals as well as 278 control vehicles of the German Federal motorway company (Bundesautobahn-Gesellschaft; BAG).
The “free-flow” system considers the number of axles and the pollutant category of the vehicles and can be extended for different areas or different time-based toll collect structures. The security system is based on four different smart cards:
- Smart cards, inserted in the vehicle's On-Board-Unit (OBU), for secure transfer of the toll collection data to the data centre;
- BAG control smart cards for stationary and mobile controls by BAG's staff;
- Smart cards at critical points, for authentic positional information at critical route sections and road works;
- Smart cards for authorised service partners, i.e. for fitting and updating OBUs.
The ETC cards deployed are based on a crypto-controller, with chip hardware security certified to CC EAL 5+ (ISO 15408) and application software certified to CC EAL 4+. Also, in December 2004, Toll Collect GmbH was awarded a base security certificate from BSI. This required more than 1600 security measures to be implemented for the computer centre, the facilities, the IT network components, the servers and the clients. Germany, well known as a transit state for logistics companies, issues ca. 300,000 ETC cards each year.
Recently the EU directive 2004/52/EU on interoperability of electronic toll collection systems was published. The decision 2009/750/EC states that from 9 October 2012 the implementation in all heavy vehicles must be achieved. For all other vehicles an extension time of two years is granted (6).
Are synergies of the four single applications possible?
First observations show that two of the four described applications are personal smart cards (electronic driving license, tachograph driver card) and two are motor vehicle based smart cards (electronic vehicle registration, ETC). From this fact, two paired synergetic approaches are derivable:
- Personal applications: Electronic driving license in combination with tachograph driver card. The user group is drivers of trucks from 3.5 tons and of buses with 9+ seats. This group represents less than 10% of all vehicle drivers in the European Economic Area. The solution could be, for example, a hybrid card in which the electronic driving license function follows ISO 18013 and is configured as contactless (ISO 14443), while the tachograph driver card remains contact based (ISO 7816). With this electronic isolation, misuse such as cross-reading would not be possible.
- Motor vehicle based applications: Electronic vehicle registration in combination with ETC. The user group is trucks and buses that are registered in states issuing electronic vehicle registration cards and that are driven in the area of an ETC system. The overlap with all vehicles (incl. passenger cars) and the penetration of a consistent ETC system in the European Economic Area would be estimated at less than 2%.
Possible barriers to such combinations should be identified: Different validity of the cards, different issuers, various card layouts, various payment routines, different infrastructures, e.g. card reader, different communication protocols, various card reader authentication protocols and different security requirements. It is estimated that these four single applications will run for many years as isolated single applications in the automotive area.
Today only the electronic tachograph system has reached universal acceptance in Europe and beyond. However, from its inception in 1998 until the area-wide implementation in 2006, eight years passed in this particularly regulated market. By extrapolation, it is difficult to estimate how much longer the EU members will need for the voluntary introduction of schemes like the electronic driving license and electronic vehicle registration card. Further complications can be expected if competing legacy systems are in place, like some of the electronic toll collection systems in the European Economic Area. IT security on the road has been shown to improve the safety of vehicle users and the general public. The electronic tachograph has resulted in less misuse of vehicles and fewer overworked drivers. Electronic vehicle registration will reduce the use of fraudulent documents, leading to fewer unsafe vehicles. Electronic driving licences reduce abuse of paper documents and, as a result, lead to fewer illegal drivers on the road. Electronic toll collection improves road use efficiency, reduces carbon emissions and ensures that the biggest users help pay for any improvements. In the future there will be enhanced communications technology for vehicles and drivers, giving the chance for more information to be available on the move. The data can be of benefit to the user or a threat if misused. However, only the continued collaboration of legislators and stakeholders can lead to improved safety, security, privacy and control of data.
Sources:
- (1) http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:1998:274:0001:0021:EN:PDF
- (2) contact: firstname.lastname@example.org
- (3) http://ec.europa.eu/transport/road/consultations/2010_03_01_tachographs_en.htm
- (4) http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2004:010:0029:0053:EN:PDF
- (5) http://ec.europa.eu/transport/road_safety/behavior/driving_licence_en.htm
- (6) http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:268:0011:0029:EN:PDF