How the Nexus PKI platform helps secure connected vehicles

Enabling trusted digital identities for all connected devices and services is a critical part of securing vehicle-to-everything (V2X) communication. Identity and security company Nexus Group’s public key infrastructure (PKI) platform has recently proven itself for this task with its reliability and high output rate, writes Magnus Malmström, vice president for CEO at Nexus.

The auto industry is undergoing massive disruption brought on by new technologies. One of the most interesting is V2X (also called car-to-everything, Car2X) communication, which enables improvements in road safety and delivers many other benefits to society. V2X communication can, for example, make it easier for emergency vehicles to get through to their destinations, enable autonomous driving and so-called platooning, help avoid collisions, make road works safer, and enable secure e-charging networks, car sharing, and personalized user experiences.

Trusted digital identities are critical for security

Since V2X communication technology relies on a constant transmission of data, there are security and privacy concerns that must be managed. The automotive industry understands that the public will not accept V2X systems without strong security mechanisms and an assurance of privacy, and therefore they must – together with government officials – ensure that security and privacy concerns are a priority and collaborate with technology providers to mitigate any risks that may arise from V2X technologies.

Enabling trusted digital identities based on digital certificates for all connected devices and services is a critical part of securing the rapidly emerging ecosystems of V2X communication applications, since this enables strong authentication, encryption, and integrity protection. The best available technology for providing cryptographically secure, unforgeable and theft-safe identities is PKI.

Watch video: How a leading automaker uses the Nexus PKI platform to protect Car2X communication

Anonymization provides privacy and trust

Nexus offers a flexible and scalable PKI platform based on open standards, which has a long history of enabling protected communication with and between people and things in business-critical processes. Due to its reliability and high output rate, it has recently proven to also be suitable for enabling secure V2X communication.

The Nexus PKI platform is one of the most comprehensive certificate systems ever built, and now we have also introduced a pseudonym scheme based on open standardization, with the aim to provide privacy for drivers when the vehicles communicate externally. At the factory, vehicles receive a long-term certificate from the long-term certificate authority, which can later be used to obtain short-term certificates from the pseudonymizing certificate authority. Our new pseudonym scheme ensures that each vehicle gets 50–100 certificates weekly that can be signed and updated remotely. As a part of the pseudonymization process, the V2X communication equipment in each vehicle is responsible for randomizing these certificates throughout the week. Any vehicle that is compromised can be removed from the system until trust is restored. Signed audit log records can be managed in accordance with desired retention periods.

Easy integration and capacity for millions of vehicles

Other key benefits of the Nexus solution for PKI-based automotive communication security are that it:

  • Has open interfaces that can be integrated into car production and logistical processes.
  • Provides a flexible, reliable and high-capacity certificate management architecture that can manage millions of vehicles.
  • Provides standard functions for certificate lifecycle management and certificate revocation lists (CRLs), enrolment authority (EA) and authorization authority (AA) certificate request and response messages that complies with to ETSI TS 102 941, TS 103 097 and IEEE1609.2, elliptic curve cryptography (ECC) key derivation using butterfly curves, and hash-based revocation and removal of certificates and audit records after retention period.
  • Is available both as a cloud service and for installation on premises.
  • Guarantees trusted software and development practices, as Nexus is certified in information security according to ISO 27001 and the platform is being recertified according to Common Criteria EAL4+.
  • Is a future-proof investment, thanks to Nexus’s participation in European research projects such as ECSEL SECREDAS, CEBOT and SecureIoT.