[Cryptography] How to crypto secure speed limit signs

Natanael natanael.l at gmail.com
Wed Mar 25 10:26:32 EDT 2015


Den 25 mar 2015 14:59 skrev "Henry Baker" <hbaker1 at pipeline.com>:
>
> FYI -- In order to keep these Fords from being spoofed, we would need to
"secure" each speed limit sign with a crypto signature.  Presumably, this
could be done with a QR code.
>
> But how to avoid a "replay" attack -- i.e., cloning an existing sign &
installing it somewhere else?  Should the QR code crypto sign the sign's
GPS coordinates?  Wouldn't that make speed limit signs pretty expensive to
manufacture & install?
>
> Ditto with all kinds of other street signs.

The only thing that makes sense IMHO is a good GPS and signed official map
data kept frequently updated. (yes, GPS spoofing then becomes the new
issue...)

You could however let the signs double as radio beacons - your vehicle can
ignore any obviously wrong signals, while also letting the beacons assist
positioning. If you keep them online (mesh radio, or listening to
broadcasts?) they can also broadcast their own ID + position + current time
+ given speed limit.

Secure positioning is a whole other matter. one potential solution that
have been considered is letting the client devices compare measured noise
with the servers (or beacons) to verify proximity.

Also plain challenge-response with timing - any relay must inherently add
latency, therefore you know the beacon isn't actually as close as it
appears.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150325/dd1dc977/attachment.html>


More information about the cryptography mailing list