PRESTvO: PRivacy Enabled Smartphone-based access To vehicle On-board units

TL;DR

This paper proposes a privacy-preserving, role-based smartphone access system for vehicle on-board units using advanced cryptography, demonstrated through a practical implementation on modern smartphones and vehicle controllers.

Contribution

It introduces a novel access control framework combining role-based policies with identity-based cryptography and group signatures for vehicle access via smartphones.

Findings

Feasible implementation on modern smartphones and vehicle controllers.

Effective privacy preservation through group signatures.

Cryptographic protocol suite suitable for automotive scenarios.

Abstract

Smartphones are quickly moving toward complementing or even replacing traditional car keys. We advocate a role-based access control policy mixed with attributes that facilitates access to various functionalities of vehicular on-board units from smartphones. We use a rights-based access control policy for in-vehicle functionalities similar to the case of a file allocation table of a contemporary OS, in which read, write or execute operations can be performed over various vehicle functions. Further, to assure the appropriate security, we develop a protocol suite using identity-based cryptography and we rely on group signatures that preserve the anonymity of group members for assuring privacy and traceability. To prove the feasibility of our approach, we develop a proof-of-concept implementation with modern smartphones, aftermarket Android head-units and test computational feasibility on a real-world in-vehicle controller. Our implementation relies on state-of-the-art cryptography, including traditional building blocks and more modern pairing-friendly curves, that facilitate the adoption of group signatures and identity-based cryptography in automotive-based scenarios.