Thoughts on ITS ...
A few years ago I wrote a contribution to a book on ITS and I looked at security aspects. I've revisited what I wrote then and offer a very slightly updated summary of my introduction to the chapter.
Intelligent Transport Systems (ITS) are a specialised subset of machine-to-machine communications in a software driven and all-connected world. There are a number of dimensions of ITS and different authors may present different lists of them but for the purposes of examining the security issues this list will suffice:
- Advanced Traveller Information Systems (ATIS),
- Advanced Traffic Management Systems (ATMS),
- ITS-Enabled Transportation Pricing Systems,
- Advanced Public Transportation Systems (APTS),
- Vehicle-to-Infrastructure Integration (VII), and,
- Vehicle-to-Vehicle Integration (V2V)
Co-operative ITS (C-ITS) sits in this list as a special case of both VII and V2V, with the functionality of C-ITS centred on the exchange of data between co-operating ITS stations. My view is that this leads to a "root concept" that underpins C-ITS, and that is the process of giving machines some degree of spatial awareness. In moving along this concept we use that spatial awareness to protect both an ITS-Station's own space and the space of all other transport users. If we consider the thing that seems to concern most motorists more than anything else, it is fear of having a collision. This ranges from a little bump in a car park all the way to the catastrophic collision on a motorway. The basic idea of spatial awareness as a defence comes from martial arts -- if you know where your opponent is aiming then make sure you're not there when his blow lands. Same in a car -- if something is on a path to hit you make sure you're not there when the blow lands or be in a position where the damage is negligible. Is the martial arts analogy still valid? I think so but it also raises a concern that our roads are battle-zones and if we treat vehicles as fighters we could end up in a very bad space. So let's not think about fighting but about sharing.
Spatial awareness for a driver means being aware of where you and your vehicle are with respect to all other vehicles and the infrastructure in order to ensure that you are not encroaching on the safe zone around any other road user. In a conventional vehicle this means using your senses of sight and hearing to continuously build up a mental 3-dimensional map of the other road-users around you and working to ensure you are "safe" with respect to them. This is done through constantly using mirrors, moving around to eliminate blind spots (not moving the vehicle but your body), listening for other vehicles and so forth. However in many ways the design of road vehicles has increasingly limited the ability of a driver to build up this 3-D mental map by being quieter, having more restricted visibility and having a number of distraction technologies to hand (e.g. phones, music, navigation tools). The excuse of "I didn't see you" is the first thing to be reported from far too many accidents and one of the roles of C-ITS is to eliminate the blind spot and allow vehicles to see each other in all environments.
One of the other concerns raised when C-ITS was first conceived is that by transmitting information that allows receivers to build up a spatial model of how your vehicle is interacting with it, the same data could be used to track you. C-ITS has been designed to operate in areas of the world where expectations of privacy are high and therefore the protection of users from being tracked, or of their transmissions being used against them, has been very high on the agenda and C-ITS has been built to maximise privacy protection.
The bulk of ITS types (ATIS, ATMS, APTS, etc.) are data centric, in that they gather and distribute data. What differentiates them is where the data comes from and who its intended recipients are. For VII and V2V, and more specifically C-ITS, data comes from the co-operating vehicles and is intended for those vehicles. In the native environment in which vehicles find themselves the safety of any individual vehicle is determined by a set of factors that include:
- Driver awareness,
- Vehicle road-worthiness,
- Road conditions,
- Weather conditions,
- Traffic signalling,
- Relative velocity,
- Other vehicles
What C-ITS will achieve, at least in intent, is greater driver awareness by giving authoritative information to the driver on their relative velocity and the presence of other vehicles and their vectors. The key term is "authoritative information". The purpose in C-ITS security is to assure the receivers of C-ITS data that it genuinely comes from a vehicle and is an accurate representation of the location and nature of the vehicle.
So what's new? I guess the biggest challenge to C-ITS is a threat to the radio band in use. If C-ITS was to be on a single dedicated frequency band, with one and only one transmission option, for example the G5 radio defined mostly in the IEEE as 802.11p (now just one mode in 802.11) is ideal - it is range limited, it is power limited (the combination of the frequency and transmission power serve as a physical limit to the range). Expanding C-ITS to a cellular infrastructure could change the whole interpretation of spatial awareness and I'm going to dedicate a blog-post to that fairly soon.